PT-2019-12094 · Delta Industrial Automation · Cncsoft Screeneditor
Natnael Samson +1 · Published 2019-04-17 · Updated 2020-10-02 · CVE-2019-10947
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Delta Industrial Automation CNCSoft ScreenEditor versions 1.00.88 and prior
Description
Multiple stack-based buffer overflow vulnerabilities can be triggered when the application processes specially crafted project files, allowing an attacker to remotely execute arbitrary code. The cause is a lack of user input validation before data from project files is copied onto the stack.
Recommendations
For Delta Industrial Automation CNCSoft ScreenEditor versions 1.00.88 and prior, update to a version later than 1.00.88 to resolve the issue.
As a temporary workaround, consider restricting the use of CNCSoft ScreenEditor to minimize the risk of exploitation until a patch is available.
Avoid using CNCSoft ScreenEditor to process project files from untrusted sources until the issue is resolved.
Fix
Stack Overflow
Memory Corruption
Affected Products
Cncsoft Screeneditor