4 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files. Delta Industrial Automation CNCSoft y CNCSoft ScreenEditor, en sus versiones 1.00.84 y anteriores. Una vulnerabilidad de lectura fuera de límites podría provocar el cierre inesperado del software debido a una falta de validación de entradas proporcionadas por el usuario para procesar archivos de proyecto. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. • http://www.securityfocus.com/bid/107086 https://ics-cert.us-cert.gov/advisories/ICSA-19-050-02 • CWE-125: Out-of-bounds Read •

CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 0

CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft en versiones 1.00.83 y anteriores con ScreenEditor 1.00.54 tiene múltiples vulnerabilidades de desbordamiento de búfer basado en pila que podría provocar el cierre inesperado del software debido a la falta de validación de entradas de usuario antes de copiar los datos del los archivos de proyecto a la pila. Esto puede permitir a un atacante ejecutar código remotamente con privilegios de administrador si se explota. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. • http://www.securityfocus.com/bid/105032 https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 0

CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft en versiones 1.00.83 y anteriores con ScreenEditor 1.00.54 tiene dos vulnerabilidades de lectura fuera de límites que pueden causar que el software se cierre de manera inesperada debido a la falta de validación de entrada de datos del usuario para procesar los archivos de proyecto. Esto puede permitir a un atacante ejecutar código remotamente con privilegios de administrador si se explota. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. • http://www.securityfocus.com/bid/105032 https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 • CWE-125: Out-of-bounds Read •