Buffer Overflow Vulnerability in CNCSoft-G2
CVE-2024-39880
8.8 HIGH
Summary
Delta Electronics CNCSoft-G2 does not properly validate the length of user-supplied data before copying it to a fixed-length stack-based buffer. An attacker could exploit this vulnerability when a user visits a specially crafted malicious webpage or opens a malicious file, resulting in potential code execution in the context of the current process. The flaw poses a significant risk to the integrity of systems running CNCSoft-G2 and calls for immediate remediation.
Affected Version(s)
CNCSoft-G2 2.0.0.5
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Credit
Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.