Out-of-bounds Read Vulnerabilities in Delta Electronics CNCSoft ScreenEditor
CVE-2019-10992

5.5MEDIUM

Key Information:

Vendor: Delta Electronics
Status: Cncsoft Screeneditor
Vendor: CVE Published:; 24 July 2019

Summary

The CNCSoft ScreenEditor from Delta Electronics is susceptible to multiple out-of-bounds read vulnerabilities. These issues arise from inadequate user input validation during the processing of project files, potentially leading to information disclosure. This flaw affects versions 1.00.89 and earlier, allowing an attacker to access sensitive data inadvertently exposed through project file manipulation.

Affected Version(s)

CNCSoft ScreenEditor Versions 1.00.89 and prior

References

https://www.us-cert.gov/ics/advisories/icsa-19-192-01

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2019
Vulnerability Reserved
Apr 8, 2019