CVE-2019-10947 Information
Description
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/107989
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01
https://www.zerodayinitiative.com/advisories/ZDI-19-399/
https://www.zerodayinitiative.com/advisories/ZDI-19-400/
https://www.zerodayinitiative.com/advisories/ZDI-19-401/
https://www.zerodayinitiative.com/advisories/ZDI-19-402/
https://www.zerodayinitiative.com/advisories/ZDI-19-403/
https://www.zerodayinitiative.com/advisories/ZDI-19-404/
https://www.zerodayinitiative.com/advisories/ZDI-19-410/
https://www.zerodayinitiative.com/advisories/ZDI-19-417/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Base Severity
HIGH