Rewterz Threat Advisory – Delta Industrial Automation CNCSoft Multiple Vulnerabilities

Severity

High

Analysis Summary


CVE-2019-10947

Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.

CVE-2019-10951

Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.

CVE-2019-10949

Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files.
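All three CVEs come down to trusting a length taken from the project file. The following is an added example, not code from the advisory or from Delta: the record layout, `parse_name_record` and `NAME_MAX_LEN` are hypothetical, and the inputs are constructed. It shows the two bounds checks a parser needs before copying file data into a fixed-size buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 32   /* assumed capacity of the destination buffer */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Hypothetical record layout (not CNCSoft's real format):
 *   bytes 0..1  little-endian uint16 length of the name field
 *   bytes 2..   name bytes, not NUL-terminated in the file          */
int parse_name_record(const uint8_t *file, size_t file_len,
                      char out[NAME_MAX_LEN + 1])
{
    if (file == NULL || out == NULL || file_len < 2)
        return PARSE_TRUNCATED;          /* length header is missing */

    size_t claimed = (size_t)file[0] | ((size_t)file[1] << 8);

    /* Check 1: the claimed length must fit in the bytes actually read.
     * Without it, memcpy reads past the input (out-of-bounds read). */
    if (claimed > file_len - 2)
        return PARSE_TRUNCATED;

    /* Check 2: the claimed length must fit the destination.
     * Without it, the copy overflows the stack or heap buffer. */
    if (claimed > NAME_MAX_LEN)
        return PARSE_TOO_LONG;

    memcpy(out, file + 2, claimed);
    out[claimed] = '\0';
    return PARSE_OK;
}

int main(void)
{
    /* Constructed inputs, not taken from any real project file. */
    const uint8_t good[]  = { 0x04, 0x00, 'A', 'X', 'I', 'S' };
    const uint8_t lying[] = { 0xFF, 0xFF, 'A', 'X' };  /* claims 65535 bytes */
    char name[NAME_MAX_LEN + 1];

    printf("good:  %d\n", parse_name_record(good, sizeof good, name));
    printf("lying: %d\n", parse_name_record(lying, sizeof lying, name));
    return 0;
}
```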

Impact

  • Information disclosure
  • Remote code execution
  • Application crash

Affected Vendors

Delta

Affected Products

Delta Industrial Automation CNCSoft

Remediation

The vendor recommends the following:

Update to the latest version of ScreenEditor 1.00.89. This updated version can be found at:
http://www.deltaww.com/services/DownloadCenter2.aspx?secID=8&pid=2&tid=0&CID=06&itemID=060202&typeID=1&downloadID=&title=&dataType=8;&check=1&hl=en-US