CVE-2019-10947: Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wMessageLen Stack-based Buffer Overflow Remote Code Execution Vulnerability
First published: Wed Apr 17 2019(Updated: )
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Deltaww Cncsoft Screeneditor | <=1.00.88 | |
| Delta Industrial Automation CNCSoft ScreenEditor |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01
- https://www.zerodayinitiative.com/advisories/ZDI-19-417/
- https://www.zerodayinitiative.com/advisories/ZDI-19-404/
- https://www.zerodayinitiative.com/advisories/ZDI-19-410/
- https://www.zerodayinitiative.com/advisories/ZDI-19-400/
- https://www.zerodayinitiative.com/advisories/ZDI-19-403/
- https://www.zerodayinitiative.com/advisories/ZDI-19-399/
- https://www.zerodayinitiative.com/advisories/ZDI-19-402/
- https://www.zerodayinitiative.com/advisories/ZDI-19-401/
- http://www.securityfocus.com/bid/107989
Frequently Asked Questions
What is the vulnerability ID for this Delta Industrial Automation CNCSoft ScreenEditor vulnerability?
The vulnerability ID for this Delta Industrial Automation CNCSoft ScreenEditor vulnerability is CVE-2019-10947.
How severe is the Delta Industrial Automation CNCSoft ScreenEditor vulnerability (CVE-2019-10947)?
The severity of the Delta Industrial Automation CNCSoft ScreenEditor vulnerability (CVE-2019-10947) is 7.8 (high).
How can remote attackers exploit the Delta Industrial Automation CNCSoft ScreenEditor vulnerability (CVE-2019-10947)?
Remote attackers can exploit the Delta Industrial Automation CNCSoft ScreenEditor vulnerability (CVE-2019-10947) by executing arbitrary code on vulnerable installations if the target visits a malicious page or opens a malicious file.
What is the affected software by the Delta Industrial Automation CNCSoft ScreenEditor vulnerability (CVE-2019-10947)?
The affected software by the Delta Industrial Automation CNCSoft ScreenEditor vulnerability (CVE-2019-10947) includes Delta Industrial Automation CNCSoft ScreenEditor versions up to 1.00.88.
Where can I find more information about the Delta Industrial Automation CNCSoft ScreenEditor vulnerability (CVE-2019-10947)?
You can find more information about the Delta Industrial Automation CNCSoft ScreenEditor vulnerability (CVE-2019-10947) at the following references: [SecurityFocus](http://www.securityfocus.com/bid/107989), [ICSA](https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01), [ZDI](https://www.zerodayinitiative.com/advisories/ZDI-19-399/).
- agent/weakness
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/remedy
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-19-401
- alias/ZDI-CAN-7809
- alias/CVE-2019-10947
- agent/software-canonical-lookup
- alias/ZDI-19-402
- alias/ZDI-CAN-7810
- alias/ZDI-19-400
- alias/ZDI-CAN-7808
- alias/ZDI-19-403
- alias/ZDI-CAN-7811
- agent/title
- agent/softwarecombine
- agent/tags
- alias/ZDI-19-399
- alias/ZDI-CAN-7807
- alias/ZDI-19-410
- alias/ZDI-CAN-7823
- agent/event
- alias/ZDI-19-404
- alias/ZDI-CAN-7812
- alias/ZDI-19-417
- alias/ZDI-CAN-7946
- vendor/deltaww
- canonical/deltaww cncsoft screeneditor
- version/deltaww cncsoft screeneditor/1.00.88
- vendor/delta industrial automation
- canonical/delta industrial automation cncsoft screeneditor
- canonical/delta industrial automation cncsoft