ID

VAR-201902-0133


CVE

CVE-2019-6547


TITLE

CNCSoft ScreenEditor vulnerable to out-of-bounds read

Trust: 0.8

sources: JVNDB: JVNDB-2019-002116

DESCRIPTION

Affects Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to a lack of user input validation when processing project files. CNCSoft ScreenEditor contains an out-of-bounds vulnerability. It may be put into a service operation interruption (DoS) state. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users.

Trust: 2.52

sources: NVD: CVE-2019-6547 // JVNDB: JVNDB-2019-002116 // ZDI: ZDI-19-225 // BID: 107086

AFFECTED PRODUCTS

vendor: deltaww, model: screeneditor, scope: lte, version: 1.00.84

Trust: 1.0

vendor: delta, model: screeneditor, scope: lte, version: 1.00.84

Trust: 0.8

vendor: delta industrial automation, model: cncsoft, scope: -, version: -

Trust: 0.7

vendor: delta, model: electronics inc cncsoft screeneditor, scope: eq, version: 1.0.84

Trust: 0.3

vendor: delta, model: electronics inc cncsoft screeneditor, scope: ne, version: 1.1.15

Trust: 0.3

sources: ZDI: ZDI-19-225 // BID: 107086 // JVNDB: JVNDB-2019-002116 // NVD: CVE-2019-6547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6547
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6547
value: MEDIUM

Trust: 0.8

ZDI: CVE-2019-6547
value: LOW

Trust: 0.7

CNNVD: CNNVD-201902-742
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-6547
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-6547
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6547
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2019-6547
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-19-225 // JVNDB: JVNDB-2019-002116 // CNNVD: CNNVD-201902-742 // NVD: CVE-2019-6547

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2019-002116 // NVD: CVE-2019-6547

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-742

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201902-742

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002116

PATCH

title: Top Page
url: https://www.deltaww.com/

Trust: 0.8

title: Delta Industrial Automation has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-19-050-02

Trust: 0.7

title: Delta Industrial Automation CNCSoft Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89543

Trust: 0.6

sources: ZDI: ZDI-19-225 // JVNDB: JVNDB-2019-002116 // CNNVD: CNNVD-201902-742

EXTERNAL IDS

db: NVD, id: CVE-2019-6547

Trust: 3.4

db: ICS CERT, id: ICSA-19-050-02

Trust: 2.4

db: BID, id: 107086

Trust: 1.9

db: ZDI, id: ZDI-19-225

Trust: 1.3

db: JVNDB, id: JVNDB-2019-002116

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-7772

Trust: 0.7

db: AUSCERT, id: ESB-2019.0519

Trust: 0.6

db: NSFOCUS, id: 43676

Trust: 0.6

db: CNNVD, id: CNNVD-201902-742

Trust: 0.6

db: ICS CERT, id: ICSA-19-106-01

Trust: 0.3

sources: ZDI: ZDI-19-225 // BID: 107086 // JVNDB: JVNDB-2019-002116 // CNNVD: CNNVD-201902-742 // NVD: CVE-2019-6547

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-050-02

Trust: 3.7

url:http://www.securityfocus.com/bid/107086

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-6547

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6547

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-19-225/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43676

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75826

Trust: 0.6

url:http://www.deltaww.com/services/downloadcenter2.aspx?secid=8&pid=2&tid=0&cid=06&itemid=060202&typeid=1&downloadid=&title=&datatype=8;&check=1&hl=en-us

Trust: 0.3

url:http://www.deltaww.com/

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-19-106-01

Trust: 0.3

sources: ZDI: ZDI-19-225 // BID: 107086 // JVNDB: JVNDB-2019-002116 // CNNVD: CNNVD-201902-742 // NVD: CVE-2019-6547

CREDITS

Natnael Samson(@NattiSamson)

Trust: 0.7

sources: ZDI: ZDI-19-225

SOURCES

db: ZDI, id: ZDI-19-225
db: BID, id: 107086
db: JVNDB, id: JVNDB-2019-002116
db: CNNVD, id: CNNVD-201902-742
db: NVD, id: CVE-2019-6547

LAST UPDATE DATE

2024-11-23T21:37:28.086000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-19-225, date: 2019-02-20T00:00:00
db: BID, id: 107086, date: 2019-02-19T00:00:00
db: JVNDB, id: JVNDB-2019-002116, date: 2019-04-03T00:00:00
db: CNNVD, id: CNNVD-201902-742, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-6547, date: 2024-11-21T04:46:40.333

SOURCES RELEASE DATE

db: ZDI, id: ZDI-19-225, date: 2019-02-20T00:00:00
db: BID, id: 107086, date: 2019-02-19T00:00:00
db: JVNDB, id: JVNDB-2019-002116, date: 2019-04-03T00:00:00
db: CNNVD, id: CNNVD-201902-742, date: 2019-02-19T00:00:00
db: NVD, id: CVE-2019-6547, date: 2019-02-28T21:29:00.250