PT-2019-12096 · Delta Industrial Automation · CNCSoft ScreenEditor

Natnael Samson +1 · Published 2019-04-17 · Updated 2019-10-09 · CVE-2019-10949

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Delta Industrial Automation CNCSoft ScreenEditor versions 1.00.88 and prior

Description

Multiple out-of-bounds read vulnerabilities, caused by a lack of user input validation when processing specially crafted project files, may be exploited to disclose information. The issue occurs in the DPB file parsing component, specifically affecting variables such as DescwTextLen, GCodePatternLen, and wTextLen, as well as wMessageLen.

Recommendations

For Delta Industrial Automation CNCSoft ScreenEditor versions 1.00.88 and prior, consider disabling the DPB file parsing functionality until a patch is available to prevent exploitation of the out-of-bounds read vulnerabilities. Restrict access to the DPB file parsing component to minimize the risk of information disclosure. Avoid using the DescwTextLen, GCodePatternLen, wTextLen, and wMessageLen variables in the affected DPB file parsing functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read


Weakness Enumeration

Related Identifiers

CVE-2019-10949
ZDI-19-406
ZDI-19-407
ZDI-19-409
ZDI-19-411
ZDI-19-412
ZDI-19-413
ZDI-19-414
ZDI-19-415
ZDI-19-416
ZDI-19-418
ZDI-19-419

Affected Products

CNCSoft ScreenEditor