Delta Fixes Its Industrial Automation CNCSoft

Tuesday, February 19, 2019 @ 04:02 PM gHale

Delta Electronics (Delta) has recommendations, including a new version, to fix an out-of-bounds read in its Delta Industrial Automation CNCSoft, according to a report from NCCIC.

Successful exploitation of this vulnerability, discovered by Natnael Samson (@NattiSamson) working with Trend Micro’s Zero Day Initiative (ZDI), could cause a buffer overflow condition that may allow information disclosure or crash the application.

CNCSoft ScreenEditor Version 1.00.84 and prior suffer from the issue.

The out-of-bounds read may cause the software to crash because it lacks user input validation when processing project files.

CVE-2019-6547 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.4.

The product sees use mainly in the critical manufacturing sector and is deployed on a global basis.

No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. However, an attacker with low skill level could leverage the vulnerability.

Taiwan-based Delta recommends the following:
• Update to the latest version of CNCSoft, v1.01.15
• Restrict the interaction with the application to trusted files


