Buffer Overflow Vulnerability in CNCSoft-G2 Could Lead to Code Execution
CVE-2024-39882

8.4HIGH

Key Information:

Vendor: Delta Electronics
Status: Cncsoft-g2
Vendor: CVE Published:; 9 July 2024

Summary

The vulnerability in Delta Electronics' CNCSoft-G2 arises from inadequate validation of user-supplied data, enabling attackers to exploit a buffer overflow. By triggering this condition through interaction with a malicious web page or file, an attacker can execute arbitrary code within the context of the vulnerable process. This exposure necessitates immediate attention to establish proper input validation mechanisms and mitigate such security risks.

Affected Version(s)

CNCSoft-G2 2.0.0.5

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

government-resource

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jul 9, 2024