Stack-Based Buffer Overflow Vulnerabilities in CNCSoft Software
CVE-2018-10636

8.8 HIGH

Key Information:

Vendor: Ics-cert
CVE Published: 13 August 2018

What is CVE-2018-10636?

CNCSoft prior to Version 1.00.83, along with ScreenEditor prior to Version 1.00.54, contains multiple stack-based buffer overflow vulnerabilities. These vulnerabilities arise from insufficient validation of user input when data is copied from project files to the stack. An attacker could exploit these weaknesses to potentially execute arbitrary code with elevated privileges, compromising the target system.

Affected Version(s)

CNCSoft with ScreenEditor: CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
