CVE-2019-10949: Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing GCodePatternLen Out-Of-Bounds Read Information Disclosure Vulnerability
First published: Wed Apr 17 2019(Updated: )
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Deltaww Cncsoft Screeneditor | <=1.00.88 | |
| Delta Industrial Automation CNCSoft ScreenEditor | ||
| Delta Industrial Automation CNCSoft | ||
| Delta Electronics CNCSoft ScreenEditor |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01
- https://www.zerodayinitiative.com/advisories/ZDI-19-415/
- https://www.zerodayinitiative.com/advisories/ZDI-19-419/
- https://www.zerodayinitiative.com/advisories/ZDI-19-413/
- https://www.zerodayinitiative.com/advisories/ZDI-19-418/
- https://www.zerodayinitiative.com/advisories/ZDI-19-411/
- https://www.zerodayinitiative.com/advisories/ZDI-19-412/
- https://www.zerodayinitiative.com/advisories/ZDI-19-407/
- https://www.zerodayinitiative.com/advisories/ZDI-19-409/
- https://www.zerodayinitiative.com/advisories/ZDI-19-406/
- https://www.zerodayinitiative.com/advisories/ZDI-19-416/
- https://www.zerodayinitiative.com/advisories/ZDI-19-414/
- http://www.securityfocus.com/bid/107989
Frequently Asked Questions
What is the vulnerability ID for this Delta Industrial Automation CNCSoft ScreenEditor vulnerability?
The vulnerability ID for this Delta Industrial Automation CNCSoft ScreenEditor vulnerability is CVE-2019-10949.
What is the severity level of CVE-2019-10949?
The severity level of CVE-2019-10949 is medium.
What software products are affected by CVE-2019-10949?
CVE-2019-10949 affects Delta Industrial Automation CNCSoft ScreenEditor and Delta Industrial Automation CNCSoft.
How can the vulnerability be exploited?
The vulnerability can be exploited by remote attackers who make the target visit a malicious page or open a malicious file.
Are there any references available for CVE-2019-10949?
Yes, there are references available for CVE-2019-10949. They can be found at the following URLs: http://www.securityfocus.com/bid/107989, https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01, and https://www.zerodayinitiative.com/advisories/ZDI-19-406/.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/title
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-19-419
- alias/ZDI-CAN-8061
- alias/CVE-2019-10949
- agent/software-canonical-lookup
- alias/ZDI-19-406
- alias/ZDI-CAN-7814
- alias/ZDI-19-413
- alias/ZDI-CAN-7947
- alias/ZDI-19-407
- alias/ZDI-CAN-7826
- alias/ZDI-19-416
- alias/ZDI-CAN-7962
- alias/ZDI-19-409
- alias/ZDI-CAN-7815
- alias/ZDI-19-412
- alias/ZDI-CAN-7945
- alias/ZDI-19-418
- alias/ZDI-CAN-8059
- agent/tags
- alias/ZDI-19-411
- alias/ZDI-CAN-7827
- agent/softwarecombine
- agent/event
- alias/ZDI-19-414
- alias/ZDI-CAN-7960
- alias/ZDI-19-415
- alias/ZDI-CAN-7961
- vendor/deltaww
- canonical/deltaww cncsoft screeneditor
- version/deltaww cncsoft screeneditor/1.00.88
- vendor/delta industrial automation
- canonical/delta industrial automation cncsoft screeneditor
- canonical/delta industrial automation cncsoft
- vendor/delta electronics
- canonical/delta electronics cncsoft screeneditor