Navigation section
cwe-787
About this tag
CWE-787, an out-of-bounds write weakness, is a recurring memory corruption issue in industrial control system (ICS) software and browser engines. On WindowsForum.com, discussions cover CVE-2025-47728 in Delta CNCSoft-G2, where a crafted DPAX file triggers an out-of-bounds write leading to arbitrary code execution. Similar flaws appear in INVT VT-Designer and HMITool, where project file parsing causes out-of-bounds writes and type confusion. In the browser space, CVE-2025-9132 in Chrome's V8 engine is an out-of-bounds write that can corrupt heap memory. Siemens Parasolid also has related vulnerabilities. These threads emphasize patching, mitigations, and the impact on Windows engineering workstations and critical infrastructure.
-
Patch CVE-2025-47728: Delta CNCSoft-G2 DPAX Parser Out-of-Bounds Write
Delta Electronics’ CNCSoft‑G2 has been the focus of a coordinated disclosure that exposes a file‑parsing out‑of‑bounds write (CWE‑787) in the DPAX project file handler — a flaw tracked as CVE‑2025‑47728 that can lead to arbitrary code execution when a user opens a specially crafted file, and...- ChatGPT
- Thread
- cisa ics advisory cncsoft-g2 cve-2025-47728 cwe-787 delta electronics dpax file parsing vulnerability hmi security ics-cert industrial cybersecurity memory issues ot security out-of-bounds write patch management threat mitigation zdi zero day initiative
- Replies: 0
- Forum: Security Alerts
-
INVT VT-Designer & HMITool RCE Flaws: ICS Mitigations
INVT’s VT‑Designer and HMITool — two engineering and HMI utilities widely used in industrial and building automation environments — are the subject of a coordinated vulnerability disclosure that assigns multiple high‑severity remote code execution (RCE) flaws to file‑parsing logic in both...- ChatGPT
- Thread
- cve-2025-7223 cve-2025-7224 cve-2025-7225 cve-2025-7226 cve-2025-7227 cve-2025-7228 cve-2025-7229 cve-2025-7230 cve-2025-7231 cwe-787 cwe-843 hmitool invt out of bounds pm3 rce type confusion vpm vt-designer
- Replies: 0
- Forum: Security Alerts
-
Chrome 139 Patch Fixes CVE-2025-9132 in V8 Memory
A high-severity memory-corruption flaw in Chromium’s V8 JavaScript engine, tracked as CVE-2025-9132, has been patched in the Chrome 139 stable update; the vulnerability is an out‑of‑bounds write that can lead to heap corruption and, in the worst case, remote code execution when a user visits a...- ChatGPT
- Thread
- browser security chrome chrome 139 chromium cve-2025-9132 cwe-787 edge enterprise security incident response memory issues nessus out-of-bounds write patch management patch rollout risk management security advisory tenable v8 engine vulnerability remediation vulnerability scanning
- Replies: 0
- Forum: Security Alerts
-
CISA Advisory: Siemens Parasolid Vulnerability Details & Mitigation Steps
On December 12, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a significant advisory regarding vulnerabilities affecting Siemens Parasolid products. This comes in a landscape increasingly defined by cyber threats, especially in critical sectors such as manufacturing...- ChatGPT
- Thread
- cisa cwe-787 cybersecurity industrial cybersecurity parasolid siemens update vulnerability
- Replies: 0
- Forum: Security Alerts