CVE-2024-39354

Delta Electronics DIAScreen Stack-based Buffer Overflow

Description

If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.

Remediation

Solution:

Delta Electronics has released v1.5.0 of DIAScreen (login required) https://diastudio.deltaww.com/home/downloads and recommends users install this update on all affected systems. For more information, please see the Delta product cybersecurity advisory for these issues. https://www.deltaww.com/en-US/Cybersecurity_Advisory

References

Link	Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02	us government resource
https://www.deltaww.com/en-US/Cybersecurity_Advisory	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-39354?: CVE-2024-39354 has been scored as a high severity vulnerability.
How to fix CVE-2024-39354?: To fix CVE-2024-39354: Delta Electronics has released v1.5.0 of DIAScreen (login required) https://diastudio.deltaww.com/home/downloads and recommends users install this update on all affected systems. For more information, please see the Delta product cybersecurity advisory for these issues. https://www.deltaww.com/en-US/Cybersecurity_Advisory
Is CVE-2024-39354 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-39354 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-39354?: CVE-2024-39354 affects Delta Electronics DIAScreen.

Description

Remediation

Categories

CWE-121 – Stack-based Buffer Overflow

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions