cvelistv5 - CVE-2019-10947

CVE-2019-10947 (GCVE-0-2019-10947)

Vulnerability from cvelistv5 – Published: 2019-04-17 14:04 – Updated: 2024-08-04 22:40

Summary

Severity ?

No CVSS data available.

CWE

CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121

Assigner

icscert

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	http://www.securityfocus.com/bid/107989	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Delta Industrial Automation CNCSoft	Affected: CNCSoft ScreenEditor Version 1.00.88 and prior.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-417/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-399/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-401/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-402/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-403/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-404/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-410/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-400/"
          },
          {
            "name": "107989",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107989"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Delta Industrial Automation CNCSoft",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "CNCSoft ScreenEditor Version 1.00.88 and prior."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "STACK-BASED BUFFER OVERFLOW CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-18T08:06:00",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-417/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-399/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-401/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-402/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-403/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-404/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-410/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-400/"
        },
        {
          "name": "107989",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107989"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10947",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Delta Industrial Automation CNCSoft",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "CNCSoft ScreenEditor Version 1.00.88 and prior."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-417/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-417/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-399/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-399/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-401/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-401/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-402/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-402/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-403/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-403/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-404/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-404/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-410/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-410/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-400/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-400/"
            },
            {
              "name": "107989",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107989"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10947",
    "datePublished": "2019-04-17T14:04:53",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:deltaww:cncsoft_screeneditor:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.00.88\", \"matchCriteriaId\": \"86DA8ED1-20DF-4CDA-953B-588DBC2CE2B0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.\"}, {\"lang\": \"es\", \"value\": \"Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor versi\\u00f3n 1.00.88 y anteriores. Se pueden aprovechar m\\u00faltiples vulnerabilidades de desbordamiento de b\\u00fafer  en la regi\\u00f3n stack de la memoria al procesar archivos de proyecto especialmente creados, lo que permite a un atacante ejecutar c\\u00f3digo arbitrario de forma remota. Esto puede ocurrir porque CNCSoft carece de comprobaci\\u00f3n de entrada del usuario antes de copiar datos de los archivos del proyecto en la pila.\"}]",
      "id": "CVE-2019-10947",
      "lastModified": "2024-11-21T04:20:12.717",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-04-17T15:29:00.750",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/107989\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-399/\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-400/\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-401/\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-402/\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-403/\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-404/\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-410/\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-417/\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/107989\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-399/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-400/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-401/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-402/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-403/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-404/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-410/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-19-417/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-121\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-10947\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2019-04-17T15:29:00.750\",\"lastModified\":\"2024-11-21T04:20:12.717\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.\"},{\"lang\":\"es\",\"value\":\"Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor versi\u00f3n 1.00.88 y anteriores. Se pueden aprovechar m\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer  en la regi\u00f3n stack de la memoria al procesar archivos de proyecto especialmente creados, lo que permite a un atacante ejecutar c\u00f3digo arbitrario de forma remota. Esto puede ocurrir porque CNCSoft carece de comprobaci\u00f3n de entrada del usuario antes de copiar datos de los archivos del proyecto en la pila.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:deltaww:cncsoft_screeneditor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.00.88\",\"matchCriteriaId\":\"86DA8ED1-20DF-4CDA-953B-588DBC2CE2B0\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/107989\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-399/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-400/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-401/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-402/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-403/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-404/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-410/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-417/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/107989\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-399/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-400/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-401/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-402/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-403/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-404/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-410/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-417/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

VAR-201904-1017

Vulnerability from variot - Updated: 2023-12-18 12:28

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack. Delta CNCSoft ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. When parsing the wTextLen element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the Administrator. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities 3

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1017",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cncsoft screeneditor",
        "scope": null,
        "trust": 4.2,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "model": "cncsoft",
        "scope": null,
        "trust": 1.4,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "model": "cncsoft screeneditor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "1.00.88"
      },
      {
        "model": "screeneditor",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "1.00.88"
      },
      {
        "model": "electronics inc cncsoft screeneditor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "1.0.88"
      },
      {
        "model": "electronics inc cncsoft screeneditor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "1.0.84"
      },
      {
        "model": "electronics inc cncsoft screeneditor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "delta",
        "version": "1.0.89"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-399"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-401"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-410"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-404"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-417"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-400"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-403"
      },
      {
        "db": "BID",
        "id": "107989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003483"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10947"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:deltaww:cncsoft_screeneditor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.00.88",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10947"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Natnael Samson (@NattiSamson)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-399"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-401"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-410"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-404"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-417"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-400"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-403"
      }
    ],
    "trust": 5.6
  },
  "cve": "CVE-2019-10947",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-10947",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-10947",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 5.6,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-10947",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2019-10947",
            "trust": 5.6,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-10947",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-797",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-399"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-401"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-410"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-404"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-417"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-400"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003483"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-797"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack. Delta CNCSoft ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. When parsing the wTextLen element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the Administrator. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities\n3",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003483"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-399"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-401"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-410"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-404"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-417"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-400"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-403"
      },
      {
        "db": "BID",
        "id": "107989"
      }
    ],
    "trust": 6.93
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-10947",
        "trust": 8.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-106-01",
        "trust": 2.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-399",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-401",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-402",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-410",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-404",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-417",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-400",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-403",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "107989",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003483",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7807",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7809",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7810",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7823",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7812",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7946",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7808",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7811",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1319",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-797",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-399"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-401"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-410"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-404"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-417"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-400"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-403"
      },
      {
        "db": "BID",
        "id": "107989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003483"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-797"
      }
    ]
  },
  "id": "VAR-201904-1017",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3
  },
  "last_update_date": "2023-12-18T12:28:23.452000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
        "trust": 5.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-01"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.deltaww.com/"
      },
      {
        "title": "Delta Electronics Delta Industrial Automation CNCSoft ScreenEditor Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91593"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-399"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-401"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-410"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-404"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-417"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-400"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-797"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003483"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10947"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 8.9,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-01"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/107989"
      },
      {
        "trust": 2.2,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-417/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-399/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-400/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-401/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-402/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-403/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-404/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-410/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10947"
      },
      {
        "trust": 0.9,
        "url": "http://www.deltaww.com/services/downloadcenter2.aspx?secid=8\u0026pid=2\u0026tid=0\u0026cid=06\u0026itemid=060202\u0026typeid=1\u0026downloadid=\u0026title=\u0026datatype=8;\u0026check=1\u0026hl=en-us"
      },
      {
        "trust": 0.9,
        "url": "http://www.deltaww.com/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10947"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/79202"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-399"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-401"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-410"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-404"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-417"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-400"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-403"
      },
      {
        "db": "BID",
        "id": "107989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003483"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-797"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-19-399"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-401"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-410"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-404"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-417"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-400"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-403"
      },
      {
        "db": "BID",
        "id": "107989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003483"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-797"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-399"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-401"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-402"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-410"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-404"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-417"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-400"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-403"
      },
      {
        "date": "2019-04-16T00:00:00",
        "db": "BID",
        "id": "107989"
      },
      {
        "date": "2019-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003483"
      },
      {
        "date": "2019-04-17T15:29:00.750000",
        "db": "NVD",
        "id": "CVE-2019-10947"
      },
      {
        "date": "2019-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-797"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-399"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-401"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-402"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-410"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-404"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-417"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-400"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-403"
      },
      {
        "date": "2019-04-16T00:00:00",
        "db": "BID",
        "id": "107989"
      },
      {
        "date": "2019-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003483"
      },
      {
        "date": "2020-10-02T14:44:09.410000",
        "db": "NVD",
        "id": "CVE-2019-10947"
      },
      {
        "date": "2020-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-797"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "107989"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-797"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wMessageLen Stack-based Buffer Overflow Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-401"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-400"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-403"
      }
    ],
    "trust": 2.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-797"
      }
    ],
    "trust": 0.6
  }
}

ICSA-19-106-01

Vulnerability from csaf_cisa - Published: 2019-04-16 00:00 - Updated: 2019-04-16 00:00

Summary

ICSA-19-106-01_Delta Industrial Automation CNCSoft

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Summary

Natnael Samson (@NattiSamson) and an anonymous researcher working with Trend Micro 's Zero Day Initiative (ZDI) reported these vulnerabilities to NCCIC.

Exploitability

No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Natnael Samson (@NattiSamson)",
          "an anonymous party"
        ],
        "organization": "Trend Micro \u0027s Zero Day Initiative (ZDI)",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "summary",
        "text": "Natnael Samson (@NattiSamson) and an anonymous researcher working with Trend Micro \u0027s Zero Day Initiative (ZDI) reported these vulnerabilities to NCCIC.",
        "title": "Summary"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-106-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-106-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-106-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-106-01"
      }
    ],
    "title": "ICSA-19-106-01_Delta Industrial Automation CNCSoft",
    "tracking": {
      "current_release_date": "2019-04-16T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSA-19-106-01",
      "initial_release_date": "2019-04-16T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-04-16T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-106-01 Delta Industrial Automation CNCSoft"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.00.88",
                "product": {
                  "name": "CNCSoft ScreenEditor: Version 1.00.88 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CNCSoft ScreenEditor"
          }
        ],
        "category": "vendor",
        "name": "Delta Electronics"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10947",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.CVE-2019-10947 has been assigned to these vulnerabilities. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Update to the latest version of ScreenEditor 1.00.89. This updated version can be found at:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://www.deltaww.com/services/DownloadCenter2.aspx?secID=8\u0026pid=2\u0026tid=0\u0026CID=06\u0026itemID=060202\u0026typeID=1\u0026downloadID=\u0026title=\u0026dataType=8"
        },
        {
          "category": "mitigation",
          "details": "Restrict the interaction with the application to trusted files.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-10947"
    },
    {
      "cve": "CVE-2019-10951",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.CVE-2019-10951 has been assigned to these vulnerabilities. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Update to the latest version of ScreenEditor 1.00.89. This updated version can be found at:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://www.deltaww.com/services/DownloadCenter2.aspx?secID=8\u0026pid=2\u0026tid=0\u0026CID=06\u0026itemID=060202\u0026typeID=1\u0026downloadID=\u0026title=\u0026dataType=8"
        },
        {
          "category": "mitigation",
          "details": "Restrict the interaction with the application to trusted files.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-10951"
    },
    {
      "cve": "CVE-2019-10949",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files.CVE-2019-10949 has been assigned to these vulnerabilities. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Update to the latest version of ScreenEditor 1.00.89. This updated version can be found at:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://www.deltaww.com/services/DownloadCenter2.aspx?secID=8\u0026pid=2\u0026tid=0\u0026CID=06\u0026itemID=060202\u0026typeID=1\u0026downloadID=\u0026title=\u0026dataType=8"
        },
        {
          "category": "mitigation",
          "details": "Restrict the interaction with the application to trusted files.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2019-10949"
    }
  ]
}

GSD-2019-10947

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-10947

Aliases

CVE-2019-10947

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-10947",
    "description": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.",
    "id": "GSD-2019-10947"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-10947"
      ],
      "details": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.",
      "id": "GSD-2019-10947",
      "modified": "2023-12-13T01:23:58.046070Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2019-10947",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Delta Industrial Automation CNCSoft",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "CNCSoft ScreenEditor Version 1.00.88 and prior."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-417/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-417/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-399/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-399/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-401/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-401/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-402/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-402/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-403/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-403/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-404/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-404/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-410/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-410/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-400/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-400/"
          },
          {
            "name": "107989",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/107989"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:deltaww:cncsoft_screeneditor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.00.88",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10947"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-417/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-417/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-410/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-410/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-404/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-404/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-403/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-403/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-402/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-402/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-401/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-401/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-400/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-400/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-399/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-399/"
            },
            {
              "name": "107989",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/107989"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-10-02T14:44Z",
      "publishedDate": "2019-04-17T15:29Z"
    }
  }
}

FKIE_CVE-2019-10947

Vulnerability from fkie_nvd - Published: 2019-04-17 15:29 - Updated: 2024-11-21 04:20

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/107989	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01	Patch, Third Party Advisory, US Government Resource
ics-cert@hq.dhs.gov	https://www.zerodayinitiative.com/advisories/ZDI-19-399/	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://www.zerodayinitiative.com/advisories/ZDI-19-400/	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://www.zerodayinitiative.com/advisories/ZDI-19-401/	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://www.zerodayinitiative.com/advisories/ZDI-19-402/	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://www.zerodayinitiative.com/advisories/ZDI-19-403/	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://www.zerodayinitiative.com/advisories/ZDI-19-404/	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://www.zerodayinitiative.com/advisories/ZDI-19-410/	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://www.zerodayinitiative.com/advisories/ZDI-19-417/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/107989	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-19-399/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-19-400/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-19-401/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-19-402/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-19-403/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-19-404/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-19-410/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-19-417/	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	deltaww	cncsoft_screeneditor	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:deltaww:cncsoft_screeneditor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86DA8ED1-20DF-4CDA-953B-588DBC2CE2B0",
              "versionEndIncluding": "1.00.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack."
    },
    {
      "lang": "es",
      "value": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor versi\u00f3n 1.00.88 y anteriores. Se pueden aprovechar m\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer  en la regi\u00f3n stack de la memoria al procesar archivos de proyecto especialmente creados, lo que permite a un atacante ejecutar c\u00f3digo arbitrario de forma remota. Esto puede ocurrir porque CNCSoft carece de comprobaci\u00f3n de entrada del usuario antes de copiar datos de los archivos del proyecto en la pila."
    }
  ],
  "id": "CVE-2019-10947",
  "lastModified": "2024-11-21T04:20:12.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-17T15:29:00.750",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107989"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-399/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-400/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-401/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-402/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-403/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-404/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-410/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-417/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-399/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-400/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-401/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-402/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-403/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-404/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-410/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-417/"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-QMRF-743W-6R87

Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2022-05-13 01:15

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-10947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-17T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.",
  "id": "GHSA-qmrf-743w-6r87",
  "modified": "2022-05-13T01:15:04Z",
  "published": "2022-05-13T01:15:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10947"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-399"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-400"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-401"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-402"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-403"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-404"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-410"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-417"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107989"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-10947 (GCVE-0-2019-10947)

VAR-201904-1017

ICSA-19-106-01

GSD-2019-10947

FKIE_CVE-2019-10947

GHSA-QMRF-743W-6R87

Tags

Sightings

Nomenclature