Delta Electronics CNCSoft and ScreenEditor (ICSA-18-219-01)

Created: Thursday, August 9, 2018 - 13:15
Categories: Cybersecurity

The NCCIC has released an advisory regarding multiple stack-based buffer overflow and out-of-bounds read vulnerabilities affecting Delta Electronics CNCSoft and ScreenEditor products. CNCSoft Version 1.00.83 and prior, and the accompanying ScreenEditor Version 1.00.54, are affected. Exploitation of both vulnerabilities causes the software to crash due to the failure to validate user input. Currently there are no known public exploits; however, these vulnerabilities are remotely exploitable and could be successfully exploited by an attacker with a low skill level. Delta Electronics recommends updating to the latest version of CNCSoft, v1.01.09, as well as restricting interaction with the application to trusted files. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

NCCIC/ICS-CERT