CVE-2022-4634 – CVE-2022-4634
https://notcve.org/view.php?id=CVE-2022-4634
All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-1405 – Delta Electronics CNCSoft Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-1405
CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. CNCSoft: Todas las versiones anteriores a 1.01.32 no sanean correctamente la entrada mientras es procesado un archivo de proyecto específico, lo que permite una posible condición de desbordamiento de búfer en la región stack de la memoria • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-01 • CWE-121: Stack-based Buffer Overflow •
CVE-2022-1404 – Delta Electronics CNCSoft Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2022-1404
Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. Delta Electronics CNCSoft (Todas las versiones anteriores a la 1.01.32) no sanea correctamente la entrada mientras procesa un archivo de proyecto específico, lo que permite una posible condición de lectura fuera de límites This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-01 • CWE-125: Out-of-bounds Read •
CVE-2021-43982 – Delta Electronics CNCSoft
https://notcve.org/view.php?id=CVE-2021-43982
Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Delta Electronics CNCSoft versiones 1.01.30 y anteriores, son vulnerables a un desbordamiento del búfer en la región stack de la memoria, que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files in the ScreenEditor module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-03 • CWE-121: Stack-based Buffer Overflow •
CVE-2018-10636 – Delta Industrial Automation CNCSoft ScreenEditor DPB File wKPFString Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-10636
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft en versiones 1.00.83 y anteriores con ScreenEditor 1.00.54 tiene múltiples vulnerabilidades de desbordamiento de búfer basado en pila que podría provocar el cierre inesperado del software debido a la falta de validación de entradas de usuario antes de copiar los datos del los archivos de proyecto a la pila. Esto puede permitir a un atacante ejecutar código remotamente con privilegios de administrador si se explota. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. • http://www.securityfocus.com/bid/105032 https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •