Heap-Based Buffer Overflow in Delta Electronics CNCSoft ScreenEditor
CVE-2019-10982

7.8 HIGH

Key Information:

Vendor
CVE Published: 24 July 2019

Summary

Delta Electronics CNCSoft ScreenEditor, versions 1.00.89 and prior, contains multiple heap-based buffer overflow vulnerabilities. An attacker can exploit them by sending specially crafted project files, potentially leading to remote code execution. The flaws stem from inadequate validation of user-supplied data before it is copied from a project file to the heap. Users should apply the necessary security patches and follow best practices to mitigate the risk.

Affected Version(s)

CNCSoft ScreenEditor Versions 1.00.89 and prior

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
