Details of VAR-201904-1019

ID

VAR-201904-1019

CVE

CVE-2019-10949

TITLE

Delta Industrial Automation CNCSoft ScreenEditor DPB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Trust: 2.1

sources: ZDI: ZDI-19-416 // ZDI: ZDI-19-415 // ZDI: ZDI-19-414

DESCRIPTION

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files. Delta CNCSoft ScreenEditor Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the Administrator. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities 3

Trust: 8.82

sources: NVD: CVE-2019-10949 // JVNDB: JVNDB-2019-003484 // ZDI: ZDI-19-406 // ZDI: ZDI-19-407 // ZDI: ZDI-19-419 // ZDI: ZDI-19-411 // ZDI: ZDI-19-412 // ZDI: ZDI-19-409 // ZDI: ZDI-19-416 // ZDI: ZDI-19-418 // ZDI: ZDI-19-413 // ZDI: ZDI-19-415 // ZDI: ZDI-19-414 // BID: 107989

AFFECTED PRODUCTS

vendor:	delta industrial automation	model:	cncsoft	scope:	-	version:	-	Trust: 3.5
vendor:	delta industrial automation	model:	cncsoft screeneditor	scope:	-	version:	-	Trust: 2.8
vendor:	delta	model:	cncsoft screeneditor	scope:	-	version:	-	Trust: 1.4
vendor:	deltaww	model:	cncsoft screeneditor	scope:	lte	version:	1.00.88	Trust: 1.0
vendor:	delta	model:	screeneditor	scope:	lte	version:	1.00.88	Trust: 0.8
vendor:	delta	model:	electronics inc cncsoft screeneditor	scope:	eq	version:	1.0.88	Trust: 0.3
vendor:	delta	model:	electronics inc cncsoft screeneditor	scope:	eq	version:	1.0.84	Trust: 0.3
vendor:	delta	model:	electronics inc cncsoft screeneditor	scope:	ne	version:	1.0.89	Trust: 0.3

sources: ZDI: ZDI-19-406 // ZDI: ZDI-19-407 // ZDI: ZDI-19-419 // ZDI: ZDI-19-411 // ZDI: ZDI-19-412 // ZDI: ZDI-19-409 // ZDI: ZDI-19-416 // ZDI: ZDI-19-418 // ZDI: ZDI-19-413 // ZDI: ZDI-19-415 // ZDI: ZDI-19-414 // BID: 107989 // JVNDB: JVNDB-2019-003484 // NVD: CVE-2019-10949

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-10949
value:	LOW
Trust: 7.7
nvd@nist.gov:	CVE-2019-10949
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-10949
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201904-788
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-10949
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

ZDI:	CVE-2019-10949
baseSeverity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 7.7
nvd@nist.gov:	CVE-2019-10949
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-19-406 // ZDI: ZDI-19-407 // ZDI: ZDI-19-419 // ZDI: ZDI-19-411 // ZDI: ZDI-19-412 // ZDI: ZDI-19-409 // ZDI: ZDI-19-416 // ZDI: ZDI-19-418 // ZDI: ZDI-19-413 // ZDI: ZDI-19-415 // ZDI: ZDI-19-414 // JVNDB: JVNDB-2019-003484 // CNNVD: CNNVD-201904-788 // NVD: CVE-2019-10949

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2019-003484 // NVD: CVE-2019-10949

THREAT TYPE

local

Trust: 0.9

sources: BID: 107989 // CNNVD: CNNVD-201904-788

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-788

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003484

PATCH

title:	Delta Industrial Automation has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01	Trust: 7.7
title:	Top Page	url:	https://www.deltaww.com/	Trust: 0.8
title:	Delta Electronics Delta Industrial Automation CNCSoft Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91584	Trust: 0.6

sources: ZDI: ZDI-19-406 // ZDI: ZDI-19-407 // ZDI: ZDI-19-419 // ZDI: ZDI-19-411 // ZDI: ZDI-19-412 // ZDI: ZDI-19-409 // ZDI: ZDI-19-416 // ZDI: ZDI-19-418 // ZDI: ZDI-19-413 // ZDI: ZDI-19-415 // ZDI: ZDI-19-414 // JVNDB: JVNDB-2019-003484 // CNNVD: CNNVD-201904-788

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10949	Trust: 10.4
db:	ICS CERT	id:	ICSA-19-106-01	Trust: 2.7
db:	ZDI	id:	ZDI-19-406	Trust: 2.3
db:	ZDI	id:	ZDI-19-407	Trust: 2.3
db:	ZDI	id:	ZDI-19-419	Trust: 2.3
db:	ZDI	id:	ZDI-19-411	Trust: 2.3
db:	ZDI	id:	ZDI-19-412	Trust: 2.3
db:	ZDI	id:	ZDI-19-409	Trust: 2.3
db:	ZDI	id:	ZDI-19-416	Trust: 2.3
db:	ZDI	id:	ZDI-19-418	Trust: 2.3
db:	ZDI	id:	ZDI-19-413	Trust: 2.3
db:	ZDI	id:	ZDI-19-415	Trust: 2.3
db:	ZDI	id:	ZDI-19-414	Trust: 2.3
db:	BID	id:	107989	Trust: 1.9
db:	JVNDB	id:	JVNDB-2019-003484	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-7814	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7826	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8061	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7827	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7945	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7815	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7962	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8059	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7947	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7961	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7960	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1319	Trust: 0.6
db:	CNNVD	id:	CNNVD-201904-788	Trust: 0.6

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-106-01	Trust: 11.0
url:	https://www.zerodayinitiative.com/advisories/zdi-19-419/	Trust: 2.2
url:	http://www.securityfocus.com/bid/107989	Trust: 2.2
url:	https://www.zerodayinitiative.com/advisories/zdi-19-414/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-413/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-412/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-411/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-407/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-418/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-406/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-416/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-415/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-409/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10949	Trust: 1.4
url:	http://www.deltaww.com/services/downloadcenter2.aspx?secid=8&pid=2&tid=0&cid=06&itemid=060202&typeid=1&downloadid=&title=&datatype=8;&check=1&hl=en-us	Trust: 0.9
url:	http://www.deltaww.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10949	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/79202	Trust: 0.6

CREDITS

Natnael Samson (@NattiSamson)

Trust: 5.6

sources: ZDI: ZDI-19-406 // ZDI: ZDI-19-407 // ZDI: ZDI-19-419 // ZDI: ZDI-19-411 // ZDI: ZDI-19-412 // ZDI: ZDI-19-409 // ZDI: ZDI-19-418 // ZDI: ZDI-19-413

SOURCES

db:	ZDI	id:	ZDI-19-406
db:	ZDI	id:	ZDI-19-407
db:	ZDI	id:	ZDI-19-419
db:	ZDI	id:	ZDI-19-411
db:	ZDI	id:	ZDI-19-412
db:	ZDI	id:	ZDI-19-409
db:	ZDI	id:	ZDI-19-416
db:	ZDI	id:	ZDI-19-418
db:	ZDI	id:	ZDI-19-413
db:	ZDI	id:	ZDI-19-415
db:	ZDI	id:	ZDI-19-414
db:	BID	id:	107989
db:	JVNDB	id:	JVNDB-2019-003484
db:	CNNVD	id:	CNNVD-201904-788
db:	NVD	id:	CVE-2019-10949

LAST UPDATE DATE

2024-11-23T21:37:28.009000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-406	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-407	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-419	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-411	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-412	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-409	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-416	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-418	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-413	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-415	date:	2024-01-19T00:00:00
db:	ZDI	id:	ZDI-19-414	date:	2024-01-19T00:00:00
db:	BID	id:	107989	date:	2019-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-003484	date:	2019-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201904-788	date:	2019-04-19T00:00:00
db:	NVD	id:	CVE-2019-10949	date:	2024-11-21T04:20:12.963

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-19-406	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-407	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-419	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-411	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-412	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-409	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-416	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-418	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-413	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-415	date:	2019-04-17T00:00:00
db:	ZDI	id:	ZDI-19-414	date:	2019-04-17T00:00:00
db:	BID	id:	107989	date:	2019-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-003484	date:	2019-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201904-788	date:	2019-04-16T00:00:00
db:	NVD	id:	CVE-2019-10949	date:	2019-04-17T15:29:00.783