CVE-2019-10947
Published 2019-04-17
Priority: P345, high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 3.67% (88.3th percentile)
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deltaww | cncsoft_screeneditor | <= 1.00.88 | — |
CVSS provenance
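| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |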
CISA ICS
Delta Industrial Automation CNCSoft
cisa_ics·2019-04-16·CVSS 7.8
[HIGH] Delta Industrial Automation CNCSoft
ICS Advisory
## Delta Industrial Automation CNCSoft
Last Revised: April 16, 2019
Alert Code: ICSA-19-106-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low skill level to exploit
- Vendor: Delta Electronics (Delta)
- Equipment: Delta Industrial Automation CNCSoft
- Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application.
## 3. TECHNICAL DETAILS
## 3.1 AF
GHSA
GHSA-qmrf-743w-6r87: Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1
ghsa_unreviewed·2022-05-13
CVE-2019-10947 [HIGH] CWE-787 GHSA-qmrf-743w-6r87: Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/107989
- https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01
- https://www.zerodayinitiative.com/advisories/ZDI-19-399/
- https://www.zerodayinitiative.com/advisories/ZDI-19-400/
- https://www.zerodayinitiative.com/advisories/ZDI-19-401/
- https://www.zerodayinitiative.com/advisories/ZDI-19-402/
- https://www.zerodayinitiative.com/advisories/ZDI-19-403/
- https://www.zerodayinitiative.com/advisories/ZDI-19-404/
- https://www.zerodayinitiative.com/advisories/ZDI-19-410/
- https://www.zerodayinitiative.com/advisories/ZDI-19-417/
Published: 2019-04-17