Buffer Overflow Vulnerability in Delta Industrial Automation CNCSoft Product
CVE-2019-10947

7.8HIGH

Key Information:

Vendor

Deltaww

Status
Delta Industrial Automation Cncsoft
Vendor
CVE Published:
17 April 2019

What is CVE-2019-10947?

The CNCSoft ScreenEditor software by Delta Industrial Automation is susceptible to multiple stack-based buffer overflow vulnerabilities. These vulnerabilities arise from the application's failure to adequately validate user inputs when processing specially crafted project files. An attacker can exploit this lack of validation to manipulate data copied to the stack, potentially leading to the remote execution of arbitrary code. Users of CNCSoft ScreenEditor should apply available updates and implement security best practices to mitigate any risk associated with these vulnerabilities.

Affected Version(s)

Delta Industrial Automation CNCSoft CNCSoft ScreenEditor Version 1.00.88 and prior.

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-19-417/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-19-399/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.