PT-2020-1961 · Delta Industrial Automation · Cncsoft Screeneditor

Published: 2020-02-12 · Updated: 2020-03-20 · CVE-2020-7002

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Delta Industrial Automation CNCSoft ScreenEditor versions 1.00.96 and prior

Description: The issue is caused by multiple stack-based buffer overflows that can be exploited when a valid user opens a specially crafted, malicious input file. A remote attacker can thereby execute arbitrary code on the target system once a specially crafted file in the DPB format is opened. The vulnerability is related to the parsing of DPB files, specifically the GifName parameter.

Recommendations: For versions 1.00.96 and prior, consider disabling the DPB file parsing functionality until a patch is available. Restrict access to the GifName parameter in the DPB file parsing module to minimize the risk of exploitation. Avoid using the DPB file format with CNCSoft ScreenEditor until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-01259
CVE-2020-7002
ZDI-20-308
ZDI-20-309

Affected Products

Cncsoft Screeneditor