Rewterz Threat Advisory – Delta Industrial Automation CNCSoft ScreenEditor Multiple Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2019-10982

Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. User input is not validated before data from project files is copied onto the heap.

CVE-2019-10992

Multiple out-of-bounds read vulnerabilities may cause information disclosure because user input is not validated when project files are processed.
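
The two validation checks whose absence produces the heap overflow (CVE-2019-10982) and the out-of-bounds read (CVE-2019-10992) bug classes described above, shown as an added example that is not Delta's code. The record layout, the names parse_record, screen_obj and LABEL_CAP, and the sample inputs are hypothetical and do not reflect the real ScreenEditor project format.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example (NOT the real
 * ScreenEditor project format): 2-byte little-endian length, then payload. */
enum { REC_HDR = 2, LABEL_CAP = 64 };
typedef enum { REC_OK = 0, REC_TRUNCATED, REC_TOO_LARGE, REC_NOMEM } rec_status;
typedef struct {
    size_t  label_len;
    uint8_t label[LABEL_CAP];   /* fixed-size field inside a heap object */
} screen_obj;

/* Parse one record from buf[0..buf_len) into a new heap object (caller frees).
 * The length field comes from the file, so it is bounded twice before use. */
rec_status parse_record(const uint8_t *buf, size_t buf_len,
                        screen_obj **out, size_t *consumed)
{
    *out = NULL;
    *consumed = 0;
    if (buf_len < REC_HDR)
        return REC_TRUNCATED;               /* header itself is incomplete */
    size_t declared = (size_t)buf[0] | ((size_t)buf[1] << 8);
    /* Write-side bound: without it, memcpy overruns label[] on the heap. */
    if (declared > LABEL_CAP)
        return REC_TOO_LARGE;
    /* Read-side bound: without it, memcpy reads past the end of the file data. */
    if (declared > buf_len - REC_HDR)
        return REC_TRUNCATED;
    screen_obj *obj = calloc(1, sizeof *obj);
    if (obj == NULL)
        return REC_NOMEM;
    memcpy(obj->label, buf + REC_HDR, declared);
    obj->label_len = declared;
    *out = obj;
    *consumed = REC_HDR + declared;
    return REC_OK;
}

/* Constructed sample inputs. */
static const uint8_t SAMPLE_OK[]    = { 0x03, 0x00, 'a', 'b', 'c' };
static const uint8_t SAMPLE_SHORT[] = { 0x10, 0x00, 'a', 'b' };  /* claims 16, has 2 */
static const uint8_t SAMPLE_BIG[]   = { 0xFF, 0xFF, 'a' };       /* claims 65535 */

int main(void)
{
    screen_obj *o; size_t n;
    int ok = parse_record(SAMPLE_OK, sizeof SAMPLE_OK, &o, &n) == REC_OK;
    free(o);
    ok &= parse_record(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &o, &n) == REC_TRUNCATED;
    ok &= parse_record(SAMPLE_BIG, sizeof SAMPLE_BIG, &o, &n) == REC_TOO_LARGE;
    return ok ? 0 : 1;
}
```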

Impact

  • Execution of arbitrary code
  • Information disclosure

Affected Vendors

Delta Electronics

Affected Products

CNCSoft ScreenEditor

Remediation

The vendor recommends updating to the latest version of ScreenEditor, Version 1.00.94.