CVE-2019-10996

Name of the Vulnerable Software and Affected Versions Red Lion Controls Crimson versions 3.0 and prior Red Lion Controls Crimson version 3.1 prior to release 3112.00

Description The issue allows for exploitation when a valid user opens a specially crafted, malicious input file. This can lead to referencing memory after it has been freed, which is a use-after-free condition. This condition can potentially be used for remote code execution or information disclosure.

Recommendations For Red Lion Controls Crimson versions 3.0 and prior, update to a version later than 3.0 to resolve the issue. For Red Lion Controls Crimson version 3.1 prior to release 3112.00, update to release 3112.00 or later to resolve the issue. As a temporary workaround, consider restricting access to malicious input files until a patch is available.