Delta Industrial Automation CNCSoft Screen Editor (ICSA-19-192-01)

The NCCIC has published an advisory on heap-based buffer overflow and out-of-bounds read vulnerabilities in Delta Electronics CNCSoft ScreenEditor. Versions 1.00.89 and prior are affected. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application. Delta Electronics recommends users update to the latest version, Version 1.00.95, and restrict the interaction of the application to trusted files. The NCCIC also advises of a series of measures for mitigating the vulnerabilities. Read the advisory at CISA.