CVE-2020-16201 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-16201
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information. Delta Industrial Automation CNCSoft ScreenEditor, versiones 1.01.23 y anteriores. Múltiples vulnerabilidades de lectura fuera de límites pueden ser explotadas al procesar archivos de proyecto especialmente diseñados, que pueden permitir a un atacante leer información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. • https://us-cert.cisa.gov/ics/advisories/icsa-20-217-01 https://www.zerodayinitiative.com/advisories/ZDI-20-941 https://www.zerodayinitiative.com/advisories/ZDI-20-942 https://www.zerodayinitiative.com/advisories/ZDI-20-944 https://www.zerodayinitiative.com/advisories/ZDI-20-945 https://www.zerodayinitiative.com/advisories/ZDI-20-946 https://www.zerodayinitiative.com/advisories/ZDI-20-947 • CWE-125: Out-of-bounds Read •
CVE-2020-16203 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Uninitialized Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16203
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. An uninitialized pointer may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Industrial Automation CNCSoft ScreenEditor, versiones 1.01.23 y anteriores. Un puntero no inicializado puede ser explotado al procesar un archivo de proyecto especialmente diseñado. • https://us-cert.cisa.gov/ics/advisories/icsa-20-217-01 https://www.zerodayinitiative.com/advisories/ZDI-20-948 • CWE-824: Access of Uninitialized Pointer •
CVE-2020-7002 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7002
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file. Delta Industrial Automation CNCSoft ScreenEditor, versiones v1.00.96 y anteriores. Múltiples desbordamientos de búfer en la región stack ??de la memoria pueden ser explotados cuando un usuario válido abre un archivo de entrada malicioso especialmente diseñado. • https://www.us-cert.gov/ics/advisories/icsa-20-077-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-6976 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Giffile Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-6976
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation. Delta Industrial Automation CNCSoft ScreenEditor, versiones v1.00.96 y anteriores. Un desbordamiento de lectura fuera de límites puede ser explotado cuando un usuario válido abre un archivo de entrada malicioso especialmente diseñado debido a la falta de comprobación. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. • https://www.us-cert.gov/ics/advisories/icsa-20-077-01 • CWE-125: Out-of-bounds Read •
CVE-2019-10951 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wLanguageNameLen Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10951
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor versión 1.00.88 y anteriores. Se pueden aprovechar múltiples vulnerabilidades de desbordamiento de búfer en la región heap de la memoria, mediante el procesamiento de archivos de proyecto especialmente creados, lo que permite a un atacante ejecutar código arbitrario de forma remota. • http://www.securityfocus.com/bid/107989 https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01 https://www.zerodayinitiative.com/advisories/ZDI-19-405 https://www.zerodayinitiative.com/advisories/ZDI-19-408 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •