CVE-2019-10982 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10982
Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. Delta Electronics CNCSoft ScreenEditor, versiones 1.00.89 y anteriores. Se pueden explotar múltiples vulnerabilidades de desbordamiento de búfer basadas en el montón mediante el procesamiento de archivos de proyecto especialmente diseñados, lo que permite a un atacante ejecutar código arbitrario de forma remota. • https://www.us-cert.gov/ics/advisories/icsa-19-192-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-10992 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10992
Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files. Delta Electronics CNCSoft ScreenEditor, versiones 1.00.89 y anteriores. Varias vulnerabilidades de lectura fuera de los límites pueden causar la divulgación de información debido a la falta de validación de entrada del usuario para procesar archivos de proyecto. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. • https://www.us-cert.gov/ics/advisories/icsa-19-192-01 • CWE-125: Out-of-bounds Read •