CVSS: 7.8EPSS: 7%CPEs: 1EXPL: 0CVE-2019-10947 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wKPFStringLen Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10947
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack. Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor versión 1.00.88 y anteriores. Se pueden aprovechar múltiples vulnerabilidades de desbordamiento de búfer en la región stack de la memoria al procesar archivos de proyecto especialmente creados, lo que permite a un atacante ejecutar código arbitrario de forma remota. • http://www.securityfocus.com/bid/107989 https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01 https://www.zerodayinitiative.com/advisories/ZDI-19-399 https://www.zerodayinitiative.com/advisories/ZDI-19-400 https://www.zerodayinitiative.com/advisories/ZDI-19-401 https://www.zerodayinitiative.com/advisories/ZDI-19-402 https://www.zerodayinitiative.com/advisories/ZDI-19-403 https://www.zerodayinitiative.com/advisories/ZDI-19-404 https://www.zerodayinitiative.com/advisories/ZDI-19-410 https:&#x • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10951 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wLanguageNameLen Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10951
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor versión 1.00.88 y anteriores. Se pueden aprovechar múltiples vulnerabilidades de desbordamiento de búfer en la región heap de la memoria, mediante el procesamiento de archivos de proyecto especialmente creados, lo que permite a un atacante ejecutar código arbitrario de forma remota. • http://www.securityfocus.com/bid/107989 https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01 https://www.zerodayinitiative.com/advisories/ZDI-19-405 https://www.zerodayinitiative.com/advisories/ZDI-19-408 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •