CVE-2019-10947

Published: Apr 17, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.

Affected (1)

Products: Deltaww: Cncsoft Screeneditor

1 product

Cncsoft Screeneditor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Deltaww Cncsoft Screeneditor	Up to 1.00.88

Related CWEs

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (20)

http://www.securityfocus.com/bid/107989

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01

Source: ics-cert@hq.dhs.gov

PatchThird Party AdvisoryUS Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-19-399/

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-400/

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-401/

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-402/

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-403/

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-404/

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-410/

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-417/

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/107989

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-19-399/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-400/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-401/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-402/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-403/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-404/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-410/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-19-417/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.