Remote Code Execution Vulnerability in Delta Electronics CNCSoft ScreenEditor
CVE-2021-22672

7.8HIGH

Key Information:

Vendor: Deltaww
Status: Delta Electronics Cncsoft Screeneditor
Vendor: CVE Published:; 10 May 2021

What is CVE-2021-22672?

CNCSoft ScreenEditor by Delta Electronics, particularly versions earlier than v1.01.30, contains a vulnerability that may provoke data corruption, cause denial-of-service conditions, or even permit the remote execution of arbitrary code. This poses significant risks for users who utilize the application in their industrial environments, as malicious actors could exploit the flaw to gain unauthorized access and control over systems.

Affected Version(s)

Delta Electronics CNCSoft ScreenEditor CNCSoft ScreenEditor versions prior to v1.01.30

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-124-02

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-524/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2021
Vulnerability Reserved
Jan 5, 2021

CVE-2021-22672 Data

JSON

Deltaww

What is CVE-2021-22672?

Affected Version(s)

References

CVSS V3.1

Timeline