Details of VAR-201904-1017

ID

VAR-201904-1017

CVE

CVE-2019-10947

TITLE

Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wMessageLen Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 2.1

sources: ZDI: ZDI-19-401 // ZDI: ZDI-19-400 // ZDI: ZDI-19-403

DESCRIPTION

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack. Delta CNCSoft ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. When parsing the wTextLen element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the Administrator. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities 3

Trust: 6.93

sources: NVD: CVE-2019-10947 // JVNDB: JVNDB-2019-003483 // ZDI: ZDI-19-399 // ZDI: ZDI-19-401 // ZDI: ZDI-19-402 // ZDI: ZDI-19-410 // ZDI: ZDI-19-404 // ZDI: ZDI-19-417 // ZDI: ZDI-19-400 // ZDI: ZDI-19-403 // BID: 107989

AFFECTED PRODUCTS

vendor:	delta industrial automation	model:	cncsoft screeneditor	scope:	-	version:	-	Trust: 4.2
vendor:	delta industrial automation	model:	cncsoft	scope:	-	version:	-	Trust: 1.4
vendor:	deltaww	model:	cncsoft screeneditor	scope:	lte	version:	1.00.88	Trust: 1.0
vendor:	delta	model:	screeneditor	scope:	lte	version:	1.00.88	Trust: 0.8
vendor:	delta	model:	electronics inc cncsoft screeneditor	scope:	eq	version:	1.0.88	Trust: 0.3
vendor:	delta	model:	electronics inc cncsoft screeneditor	scope:	eq	version:	1.0.84	Trust: 0.3
vendor:	delta	model:	electronics inc cncsoft screeneditor	scope:	ne	version:	1.0.89	Trust: 0.3

sources: ZDI: ZDI-19-399 // ZDI: ZDI-19-401 // ZDI: ZDI-19-402 // ZDI: ZDI-19-410 // ZDI: ZDI-19-404 // ZDI: ZDI-19-417 // ZDI: ZDI-19-400 // ZDI: ZDI-19-403 // BID: 107989 // JVNDB: JVNDB-2019-003483 // NVD: CVE-2019-10947

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-10947
value:	HIGH
Trust: 5.6
nvd@nist.gov:	CVE-2019-10947
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10947
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201904-797
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-10947
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

ZDI:	CVE-2019-10947
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 5.6
nvd@nist.gov:	CVE-2019-10947
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10947
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: ZDI: ZDI-19-399 // ZDI: ZDI-19-401 // ZDI: ZDI-19-402 // ZDI: ZDI-19-410 // ZDI: ZDI-19-404 // ZDI: ZDI-19-417 // ZDI: ZDI-19-400 // ZDI: ZDI-19-403 // JVNDB: JVNDB-2019-003483 // CNNVD: CNNVD-201904-797 // NVD: CVE-2019-10947

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 0.8

sources: JVNDB: JVNDB-2019-003483 // NVD: CVE-2019-10947

THREAT TYPE

local

Trust: 0.9

sources: BID: 107989 // CNNVD: CNNVD-201904-797

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-797

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003483

PATCH

title:	Delta Industrial Automation has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01	Trust: 5.6
title:	Top Page	url:	https://www.deltaww.com/	Trust: 0.8
title:	Delta Electronics Delta Industrial Automation CNCSoft ScreenEditor Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91593	Trust: 0.6

sources: ZDI: ZDI-19-399 // ZDI: ZDI-19-401 // ZDI: ZDI-19-402 // ZDI: ZDI-19-410 // ZDI: ZDI-19-404 // ZDI: ZDI-19-417 // ZDI: ZDI-19-400 // ZDI: ZDI-19-403 // JVNDB: JVNDB-2019-003483 // CNNVD: CNNVD-201904-797

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10947	Trust: 8.3
db:	ICS CERT	id:	ICSA-19-106-01	Trust: 2.7
db:	ZDI	id:	ZDI-19-399	Trust: 2.3
db:	ZDI	id:	ZDI-19-401	Trust: 2.3
db:	ZDI	id:	ZDI-19-402	Trust: 2.3
db:	ZDI	id:	ZDI-19-410	Trust: 2.3
db:	ZDI	id:	ZDI-19-404	Trust: 2.3
db:	ZDI	id:	ZDI-19-417	Trust: 2.3
db:	ZDI	id:	ZDI-19-400	Trust: 2.3
db:	ZDI	id:	ZDI-19-403	Trust: 2.3
db:	BID	id:	107989	Trust: 1.9
db:	JVNDB	id:	JVNDB-2019-003483	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-7807	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7809	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7810	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7823	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7812	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7946	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7808	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7811	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1319	Trust: 0.6
db:	CNNVD	id:	CNNVD-201904-797	Trust: 0.6

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-106-01	Trust: 8.9
url:	http://www.securityfocus.com/bid/107989	Trust: 2.2
url:	https://www.zerodayinitiative.com/advisories/zdi-19-417/	Trust: 2.2
url:	https://www.zerodayinitiative.com/advisories/zdi-19-399/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-410/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-403/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-402/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-401/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-400/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-404/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10947	Trust: 1.4
url:	http://www.deltaww.com/services/downloadcenter2.aspx?secid=8&pid=2&tid=0&cid=06&itemid=060202&typeid=1&downloadid=&title=&datatype=8;&check=1&hl=en-us	Trust: 0.9
url:	http://www.deltaww.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10947	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/79202	Trust: 0.6

CREDITS

Natnael Samson (@NattiSamson)

Trust: 5.6

sources: ZDI: ZDI-19-399 // ZDI: ZDI-19-401 // ZDI: ZDI-19-402 // ZDI: ZDI-19-410 // ZDI: ZDI-19-404 // ZDI: ZDI-19-417 // ZDI: ZDI-19-400 // ZDI: ZDI-19-403

SOURCES

db:	ZDI	id:	ZDI-19-399
db:	ZDI	id:	ZDI-19-401
db:	ZDI	id:	ZDI-19-402
db:	ZDI	id:	ZDI-19-410
db:	ZDI	id:	ZDI-19-404
db:	ZDI	id:	ZDI-19-417
db:	ZDI	id:	ZDI-19-400
db:	ZDI	id:	ZDI-19-403
db:	BID	id:	107989
db:	JVNDB	id:	JVNDB-2019-003483
db:	CNNVD	id:	CNNVD-201904-797
db:	NVD	id:	CVE-2019-10947

LAST UPDATE DATE

2024-11-23T21:37:28.123000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-399	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-401	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-402	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-410	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-404	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-417	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-400	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-403	date:	2019-04-17T00:00:00
db:	BID	id:	107989	date:	2019-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-003483	date:	2019-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201904-797	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-10947	date:	2024-11-21T04:20:12.717

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-19-399	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-401	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-402	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-410	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-404	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-417	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-400	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-403	date:	2019-04-17T00:00:00
db:	BID	id:	107989	date:	2019-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-003483	date:	2019-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201904-797	date:	2019-04-16T00:00:00
db:	NVD	id:	CVE-2019-10947	date:	2019-04-17T15:29:00.750