What is the vulnerability ID for this Delta Electronics CNCSoft vulnerability?

The vulnerability ID for this Delta Electronics CNCSoft vulnerability is CVE-2021-44768.

What is the severity of CVE-2021-44768?

The severity of CVE-2021-44768 is medium with a severity value of 5.5.

What software versions are affected by CVE-2021-44768?

Delta Electronics CNCSoft (Version 1.01.30) and prior) is affected by CVE-2021-44768.

What is the impact of CVE-2021-44768?

CVE-2021-44768 may allow an attacker to disclose information through an out-of-bounds read while processing a specific project file in Delta Electronics CNCSoft.

Is there a fix for CVE-2021-44768?

At the moment, there is no information available regarding a fix for CVE-2021-44768. It is recommended to follow the guidance provided by the vendor or the official advisory.

Vulnerability/
CVE-2021-44768

medium

6.1

CWE

125

25/3/2022

16/9/2024

CVE-2021-44768: Delta Electronics CNCSoft Out-of-bounds Read

First published: Fri Mar 25 2022(Updated: )

Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Deltaww Cncsoft Screeneditor	<=1.01.30
Delta Electronics CNCSoft Versions 1.01.30 and prior

Remedy

Delta Electronics recommends users upgrade to the latest available patch. Delta Electronics also recommends users apply the following mitigations to reduce the risk of exploit: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet. Locate control system networks and remote devices behind firewalls and isolate them from the business network. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-350-02

Frequently Asked Questions

What is the vulnerability ID for this Delta Electronics CNCSoft vulnerability?
The vulnerability ID for this Delta Electronics CNCSoft vulnerability is CVE-2021-44768.
What is the severity of CVE-2021-44768?
The severity of CVE-2021-44768 is medium with a severity value of 5.5.
What software versions are affected by CVE-2021-44768?
Delta Electronics CNCSoft (Version 1.01.30) and prior) is affected by CVE-2021-44768.
What is the impact of CVE-2021-44768?
CVE-2021-44768 may allow an attacker to disclose information through an out-of-bounds read while processing a specific project file in Delta Electronics CNCSoft.
Is there a fix for CVE-2021-44768?
At the moment, there is no information available regarding a fix for CVE-2021-44768. It is recommended to follow the guidance provided by the vendor or the official advisory.

agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
agent/title
agent/first-publish-date
agent/severity
agent/references
agent/softwarecombine
agent/event
agent/tags
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
vendor/deltaww
canonical/deltaww cncsoft screeneditor
version/deltaww cncsoft screeneditor/1.01.30
vendor/delta electronics
canonical/delta electronics cncsoft versions 1.01.30 and prior