CVE-2019-10978

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Red Lion Controls Crimson versions 3.0 and prior Red Lion Controls Crimson version 3.1 prior to release 3112.00

Description The issue allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area, potentially leading to information disclosure, memory corruption, and remote code execution.

Recommendations For Red Lion Controls Crimson versions 3.0 and prior, update to a version later than 3.0 to resolve the issue. For Red Lion Controls Crimson version 3.1 prior to release 3112.00, update to release 3112.00 or later to resolve the issue.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2019-10978

ZDI-19-784

ZDI-19-790

ZDI-19-792

ZDI-19-793

ZDI-19-794

ZDI-19-795

ZDI-19-796

Affected Products

Crimson

CVE-2019-10978

Weakness Enumeration

Related Identifiers

Affected Products

References · 10