Heap-Based Buffer Overflow Vulnerabilities in Delta Industrial Automation CNCSoft
CVE-2019-10951

7.8 HIGH

Key Information:

Vendor: Deltaww
CVE Published: 17 April 2019

What is CVE-2019-10951?

Delta Industrial Automation's CNCSoft ScreenEditor, version 1.00.88 and earlier, is susceptible to multiple heap-based buffer overflow vulnerabilities. They arise when specially crafted project files are processed without adequate validation of user-supplied input, potentially allowing attackers to execute arbitrary code remotely. The insecure handling of input data when copying it to the heap exposes affected systems to significant risk and calls for immediate remediation.

Affected Version(s)

Delta Industrial Automation CNCSoft: CNCSoft ScreenEditor Version 1.00.88 and prior.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
