CVE-2019-10947

Опубликовано: 17 апр. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.

Ссылки

http://www.securityfocus.com/bid/107989
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01
Patch
Third Party Advisory
US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-19-399/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-400/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-401/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-402/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-403/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-404/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-410/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-417/
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/107989
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01
Patch
Third Party Advisory
US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-19-399/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-400/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-401/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-402/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-403/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-404/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-410/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-417/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deltaww:cncsoft_screeneditor:*:*:*:*:*:*:*:*

Версия до 1.00.88 (включая)

EPSS

Процентиль: 71%

0.007

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-121

CWE-787

Связанные уязвимости

GHSA-qmrf-743w-6r87