ID

VAR-201904-1021


CVE

CVE-2019-10951


TITLE

Delta CNCSoft ScreenEditor Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003485

DESCRIPTION

Affected: Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. Delta CNCSoft ScreenEditor contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. An attacker can leverage this vulnerability to execute code in the context of the Administrator. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities 3

Trust: 3.15

sources: NVD: CVE-2019-10951 // JVNDB: JVNDB-2019-003485 // ZDI: ZDI-19-408 // ZDI: ZDI-19-405 // BID: 107989

AFFECTED PRODUCTS

vendor: delta industrial automation
model: cncsoft screeneditor
scope: -
version: -

Trust: 1.4

vendor: deltaww
model: cncsoft screeneditor
scope: lte
version: 1.00.88

Trust: 1.0

vendor: delta
model: screeneditor
scope: lte
version: 1.00.88

Trust: 0.8

vendor: delta
model: electronics inc cncsoft screeneditor
scope: eq
version: 1.0.88

Trust: 0.3

vendor: delta
model: electronics inc cncsoft screeneditor
scope: eq
version: 1.0.84

Trust: 0.3

vendor: delta
model: electronics inc cncsoft screeneditor
scope: ne
version: 1.0.89

Trust: 0.3

sources: ZDI: ZDI-19-408 // ZDI: ZDI-19-405 // BID: 107989 // JVNDB: JVNDB-2019-003485 // NVD: CVE-2019-10951

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-10951
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2019-10951
value: HIGH

Trust: 1.0

NVD: CVE-2019-10951
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-791
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-10951
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2019-10951
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2019-10951
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10951
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-19-408 // ZDI: ZDI-19-405 // JVNDB: JVNDB-2019-003485 // CNNVD: CNNVD-201904-791 // NVD: CVE-2019-10951

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2019-003485 // NVD: CVE-2019-10951

THREAT TYPE

local

Trust: 0.9

sources: BID: 107989 // CNNVD: CNNVD-201904-791

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-791

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003485

PATCH

title: Delta Industrial Automation has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01

Trust: 1.4

title: Top Page
url: https://www.deltaww.com/

Trust: 0.8

title: Delta Electronics Delta Industrial Automation CNCSoft ScreenEditor Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91587

Trust: 0.6

sources: ZDI: ZDI-19-408 // ZDI: ZDI-19-405 // JVNDB: JVNDB-2019-003485 // CNNVD: CNNVD-201904-791

EXTERNAL IDS

db: NVD
id: CVE-2019-10951

Trust: 4.1

db: ICS CERT
id: ICSA-19-106-01

Trust: 2.7

db: ZDI
id: ZDI-19-408

Trust: 2.3

db: ZDI
id: ZDI-19-405

Trust: 2.3

db: BID
id: 107989

Trust: 1.9

db: JVNDB
id: JVNDB-2019-003485

Trust: 0.8

db: ZDI_CAN
id: ZDI-CAN-7831

Trust: 0.7

db: ZDI_CAN
id: ZDI-CAN-7813

Trust: 0.7

db: AUSCERT
id: ESB-2019.1319

Trust: 0.6

db: CNNVD
id: CNNVD-201904-791

Trust: 0.6

sources: ZDI: ZDI-19-408 // ZDI: ZDI-19-405 // BID: 107989 // JVNDB: JVNDB-2019-003485 // CNNVD: CNNVD-201904-791 // NVD: CVE-2019-10951

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-106-01

Trust: 4.7

url:https://www.zerodayinitiative.com/advisories/zdi-19-408/

Trust: 2.2

url:http://www.securityfocus.com/bid/107989

Trust: 2.2

url:https://www.zerodayinitiative.com/advisories/zdi-19-405/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-10951

Trust: 1.4

url:http://www.deltaww.com/services/downloadcenter2.aspx?secid=8&pid=2&tid=0&cid=06&itemid=060202&typeid=1&downloadid=&title=&datatype=8;&check=1&hl=en-us

Trust: 0.9

url:http://www.deltaww.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10951

Trust: 0.8

url:https://www.auscert.org.au/bulletins/79202

Trust: 0.6

sources: ZDI: ZDI-19-408 // ZDI: ZDI-19-405 // BID: 107989 // JVNDB: JVNDB-2019-003485 // CNNVD: CNNVD-201904-791 // NVD: CVE-2019-10951

CREDITS

Natnael Samson (@NattiSamson)

Trust: 0.7

sources: ZDI: ZDI-19-408

SOURCES

db: ZDI, id: ZDI-19-408
db: ZDI, id: ZDI-19-405
db: BID, id: 107989
db: JVNDB, id: JVNDB-2019-003485
db: CNNVD, id: CNNVD-201904-791
db: NVD, id: CVE-2019-10951

LAST UPDATE DATE

2024-11-23T21:37:28.188000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-19-408, date: 2019-04-17T00:00:00
db: ZDI, id: ZDI-19-405, date: 2019-04-17T00:00:00
db: BID, id: 107989, date: 2019-04-16T00:00:00
db: JVNDB, id: JVNDB-2019-003485, date: 2019-05-17T00:00:00
db: CNNVD, id: CNNVD-201904-791, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-10951, date: 2024-11-21T04:20:13.200

SOURCES RELEASE DATE

db: ZDI, id: ZDI-19-408, date: 2019-04-17T00:00:00
db: ZDI, id: ZDI-19-405, date: 2019-04-17T00:00:00
db: BID, id: 107989, date: 2019-04-16T00:00:00
db: JVNDB, id: JVNDB-2019-003485, date: 2019-05-17T00:00:00
db: CNNVD, id: CNNVD-201904-791, date: 2019-04-16T00:00:00
db: NVD, id: CVE-2019-10951, date: 2019-04-17T15:29:00.813