Buffer Overflow Vulnerability in CNCSoft-G2 Could Lead to Code Execution
CVE-2024-39882

8.8HIGH

Key Information:

Vendor: Delta Electronics
Status: Cncsoft-g2
Vendor: CVE Published:; 9 July 2024

Summary

The vulnerability in Delta Electronics' CNCSoft-G2 arises from inadequate validation of user-supplied data, enabling attackers to exploit a buffer overflow. By triggering this condition through interaction with a malicious web page or file, an attacker can execute arbitrary code within the context of the vulnerable process. This exposure necessitates immediate attention to establish proper input validation mechanisms and mitigate such security risks.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024