You are here

Delta Electronics Industrial Automation CNCSoft ScreenEditor (ICSA-20-077-01)

Delta Electronics Industrial Automation CNCSoft ScreenEditor (ICSA-20-077-01)

Created: Tuesday, March 17, 2020 - 14:25
Categories:
Cybersecurity

CISA has published an advisory on stack-based buffer overflow and out-of-bounds read vulnerabilities in Delta Electronics Industrial Automation CNCSoft ScreenEditor. Versions 1.00.96 and prior are affected. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application. Delta recommends updating to the latest version of CNCSoft v1.01.24 (with ScreenEditor v1.00.98) and restricting the interaction with the application to trusted files. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.