PT-2025-11192 · Delta Electronics · CNCSoft-G2

Published: 2025-03-13 · Updated: 2025-03-18 · CVE-2024-12858

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft-G2 versions 2.1.0.16 and prior
Description: The issue arises from a lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This allows an attacker to execute code in the context of the current process if a target visits a malicious page or opens a malicious file.
Recommendations: For Delta Electronics CNCSoft-G2 versions 2.1.0.16 and prior, upgrade to a newer version to address the security issue. As a temporary workaround, consider restricting the handling of user-supplied data to minimize the risk of exploitation.

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-12858

Affected Products

CNCSoft-G2