Buffer Overflow Vulnerability in Delta Industrial Automation CNCSoft ScreenEditor
CVE-2020-16199

7.8HIGH

Key Information:

Vendor: Deltaww
Status: Delta Industrial Automation Cncsoft Screeneditor
Vendor: CVE Published:; 4 August 2020

What is CVE-2020-16199?

The Delta Industrial Automation CNCSoft ScreenEditor is prone to multiple stack-based buffer overflow vulnerabilities due to improper handling of specially crafted project files. An attacker can exploit these vulnerabilities to read or modify sensitive information, execute arbitrary code, or cause the application to crash. Versions 1.01.23 and earlier are especially vulnerable, necessitating immediate attention from users to safeguard their systems.

Affected Version(s)

Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.23 and prior

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-217-01

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-20-940/

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-20-939/

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2020
Vulnerability Reserved
Jul 31, 2020

CVE-2020-16199 Data

JSON

Deltaww

What is CVE-2020-16199?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline