PT-2024-32912 · Delta Electronics · Cncsoft-G2
Bobby Gould +2 · Published 2024-10-10 · Updated 2024-10-17 · CVE-2024-47962
CVSS v4.0: 8.4 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Delta Electronics CNCSoft-G2 version 2.1.0.10
Description
The software does not properly validate the length of user-supplied data before copying it to a fixed-length stack-based buffer. This allows an attacker to manipulate an insider into visiting a malicious page or opening a malicious file, potentially leading to the execution of code in the context of the current process. The vulnerability poses a serious cybersecurity threat due to the possibility of remote code execution. The CVSS vector above (AV:L, UI:A) reflects that the malicious content must be opened locally by a user for the overflow to be triggered.
Recommendations
For Delta Electronics CNCSoft-G2 version 2.1.0.10, upgrade immediately to mitigate the risk of system compromise on affected devices. As a temporary workaround, consider restricting access to potentially vulnerable file parsing functions until a patch is available. Avoid using the software to parse untrusted files, such as ALM, DPAX, or CMT files, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Memory Corruption
Stack Overflow
Affected Products
Cncsoft-G2