Delta Electronics CNCSoft-G2 Memory Initialization Vulnerability
CVE-2024-47966

7.8HIGH

Key Information:

Vendor: Delta Electronics
Status: Cncsoft-g2
Vendor: CVE Published:; 10 October 2024

Summary

The CNCSoft-G2 software by Delta Electronics contains a vulnerability related to improper memory initialization prior to access. This flaw could allow an attacker to craft a malicious web page or file. If a user interacts with this malicious content, the attacker may execute arbitrary code in the security context of the affected software. It is crucial for users to ensure their systems are updated and follow best security practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

CNCSoft-G2 2.1.0.10

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-2...

government-resource

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2024
Vulnerability Reserved
Oct 7, 2024

Credit

Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.