PT-2020-19324 · Delta Industrial Automation · Cncsoft Screeneditor

Kimiya +1 · Published 2020-03-17 · Updated 2020-03-20 · CVE-2020-6976

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Delta Industrial Automation CNCSoft ScreenEditor versions 1.00.96 and prior

Description

A lack of validation when a valid user opens a specially crafted, malicious input file leads to an out-of-bounds read. Exploitation requires a user to open such a file.

Recommendations

For versions 1.00.96 and prior, as a temporary workaround, consider restricting the use of the DPB file parsing functionality until a patch is available. Avoid opening specially crafted or untrusted input files with ScreenEditor to minimize the risk of exploitation.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2020-6976
ZDI-20-310

Affected Products

Cncsoft Screeneditor