CISA has published an advisory on stack-based buffer overflow, out-of-bounds read, and access of uninitialized pointer vulnerabilities in Delta Industrial Automation CNCSoft ScreenEditor. Versions 1.01.23 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Electronics recommends updating to the latest version of CNCSoft ScreenEditor Version 1.01.26 and restricting the interaction of the application to trusted files. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!