Delta Electronics CNCSoft-G2: Inadequate User-Supplied Data Validation Key Vulnerability
CVE-2024-47964

7.8HIGH

Key Information:

Vendor: Delta Electronics
Status: Cncsoft-g2
Vendor: CVE Published:; 10 October 2024

🔔 Create Delta Electronics Vulnerability Alert

What is CVE-2024-47964?

The Delta Electronics CNCSoft-G2 software exhibits a vulnerability due to improper validation of user-supplied data length before copying it to a heap-based buffer with a fixed length. This flaw allows a malicious actor to potentially exploit the vulnerability by enticing users to open a specially crafted web page or file, leading to arbitrary code execution in the context of the current process. This situation poses significant risks, as it can compromise system integrity, allowing attackers to manipulate the operations of CNC machines or download additional malicious payloads.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CNCSoft-G2 2.1.0.10

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-2...

government-resource

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2024
Vulnerability Reserved
Oct 7, 2024

Credit

Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.

JSON