Stack-based Buffer Overflow Vulnerability Affects Delta Electronics CNCSoft-B
CVE-2024-1941

7.8HIGH

Key Information:

Vendor: Delta Electronics
Status: Cncsoft-b
Vendor: CVE Published:; 1 March 2024

Summary

Delta Electronics' CNCSoft-B software versions 1.0.0.4 and earlier are exposed to a stack-based buffer overflow vulnerability. This flaw could permit an attacker to execute arbitrary code, posing severe risks to systems relying on the affected software version. Organizations using CNCSoft-B should prioritize patching to mitigate the potential threats associated with this vulnerability. The urgency stems from the critical implications of unauthorized code execution, including system compromise and data integrity issues.

Affected Version(s)

CNCSoft-B 0 <= 1.0.0.4

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-0...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Feb 27, 2024

Credit

Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.