CVE-2019-10982 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10982
Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.
• https://www.us-cert.gov/ics/advisories/icsa-19-192-01
• CWE-122: Heap-based Buffer Overflow, CWE-787: Out-of-bounds Write
CVE-2019-12899
https://notcve.org/view.php?id=CVE-2019-12899
Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3.
• https://code610.blogspot.com/2019/05/crashing-devicenet-builder.html
• CWE-787: Out-of-bounds Write
CVE-2019-12898
https://notcve.org/view.php?id=CVE-2019-12898
Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e.
• https://code610.blogspot.com/2019/05/crashing-devicenet-builder.html
• CWE-787: Out-of-bounds Write
CVE-2019-10949 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10949
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor.
• http://www.securityfocus.com/bid/107989 https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01 https://www.zerodayinitiative.com/advisories/ZDI-19-406 https://www.zerodayinitiative.com/advisories/ZDI-19-407 https://www.zerodayinitiative.com/advisories/ZDI-19-409 https://www.zerodayinitiative.com/advisories/ZDI-19-411 https://www.zerodayinitiative.com/advisories/ZDI-19-412 https://www.zerodayinitiative.com/advisories/ZDI-19-413 https://www.zerodayinitiative.com/advisories/ZDI-19-414 https:
• CWE-125: Out-of-bounds Read
CVE-2019-10947 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wKPFStringLen Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10947
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.
• http://www.securityfocus.com/bid/107989 https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01 https://www.zerodayinitiative.com/advisories/ZDI-19-399 https://www.zerodayinitiative.com/advisories/ZDI-19-400 https://www.zerodayinitiative.com/advisories/ZDI-19-401 https://www.zerodayinitiative.com/advisories/ZDI-19-402 https://www.zerodayinitiative.com/advisories/ZDI-19-403 https://www.zerodayinitiative.com/advisories/ZDI-19-404 https://www.zerodayinitiative.com/advisories/ZDI-19-410 https:
• CWE-121: Stack-based Buffer Overflow, CWE-787: Out-of-bounds Write