Details of VAR-202003-1595

ID

VAR-202003-1595

CVE

CVE-2020-6976

TITLE

Delta Industrial Automation CNCSoft ScreenEditor Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003021

DESCRIPTION

Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of Giffile information within DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Delta Electronics CNCSoft ScreenEditor is a set of CNC machine tool simulation system software of Taiwan Delta Electronics (Delta Electronics) company

Trust: 3.33

sources: NVD: CVE-2020-6976 // JVNDB: JVNDB-2020-003021 // ZDI: ZDI-20-310 // CNVD: CNVD-2020-17486 // IVD: 5ad27d7f-0121-4265-92fa-4b092e75195d // IVD: 19d1944f-19d9-4cbf-98fa-7157b5458738 // IVD: cc3a18b3-4a54-475c-a2eb-b6fba5ab6ee3

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: 5ad27d7f-0121-4265-92fa-4b092e75195d // IVD: 19d1944f-19d9-4cbf-98fa-7157b5458738 // IVD: cc3a18b3-4a54-475c-a2eb-b6fba5ab6ee3 // CNVD: CNVD-2020-17486

AFFECTED PRODUCTS

vendor:	deltaww	model:	cncsoft screeneditor	scope:	lte	version:	1.00.96	Trust: 1.0
vendor:	delta	model:	cncsoft screeneditor	scope:	eq	version:	1.00.96	Trust: 0.8
vendor:	delta industrial automation	model:	cncsoft screeneditor	scope:	-	version:	-	Trust: 0.7
vendor:	cncsoft screeneditor	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	delta	model:	electronics delta electronics cncsoft screeneditor	scope:	lte	version:	<=1.00.96	Trust: 0.6

sources: IVD: 5ad27d7f-0121-4265-92fa-4b092e75195d // IVD: 19d1944f-19d9-4cbf-98fa-7157b5458738 // IVD: cc3a18b3-4a54-475c-a2eb-b6fba5ab6ee3 // ZDI: ZDI-20-310 // CNVD: CNVD-2020-17486 // JVNDB: JVNDB-2020-003021 // NVD: CVE-2020-6976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-6976
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-003021
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2020-6976
value:	LOW
Trust: 0.7
CNVD:	CNVD-2020-17486
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202003-1032
value:	MEDIUM
Trust: 0.6
IVD:	5ad27d7f-0121-4265-92fa-4b092e75195d
value:	MEDIUM
Trust: 0.2
IVD:	19d1944f-19d9-4cbf-98fa-7157b5458738
value:	MEDIUM
Trust: 0.2
IVD:	cc3a18b3-4a54-475c-a2eb-b6fba5ab6ee3
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2020-6976
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003021
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-17486
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5ad27d7f-0121-4265-92fa-4b092e75195d
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	19d1944f-19d9-4cbf-98fa-7157b5458738
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	cc3a18b3-4a54-475c-a2eb-b6fba5ab6ee3
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2020-6976
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-003021
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-6976
baseSeverity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 0.7

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2020-003021 // NVD: CVE-2020-6976

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-1032

TYPE

Buffer error

Trust: 1.2

sources: IVD: 5ad27d7f-0121-4265-92fa-4b092e75195d // IVD: 19d1944f-19d9-4cbf-98fa-7157b5458738 // IVD: cc3a18b3-4a54-475c-a2eb-b6fba5ab6ee3 // CNNVD: CNNVD-202003-1032

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003021

PATCH

title:	Top Page	url:	http://www.deltaww.com/	Trust: 0.8
title:	Delta Industrial Automation has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-077-01	Trust: 0.7
title:	Patch for Delta Electronics CNCSoft ScreenEditor out-of-bounds reading vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/209167	Trust: 0.6
title:	Delta Electronics Delta Industrial Automation CNCSoft Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112452	Trust: 0.6

sources: ZDI: ZDI-20-310 // CNVD: CNVD-2020-17486 // JVNDB: JVNDB-2020-003021 // CNNVD: CNNVD-202003-1032

EXTERNAL IDS

db:	NVD	id:	CVE-2020-6976	Trust: 4.3
db:	ICS CERT	id:	ICSA-20-077-01	Trust: 3.0
db:	ZDI	id:	ZDI-20-310	Trust: 1.3
db:	CNVD	id:	CNVD-2020-17486	Trust: 1.2
db:	CNNVD	id:	CNNVD-202003-1032	Trust: 1.2
db:	JVNDB	id:	JVNDB-2020-003021	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10420	Trust: 0.7
db:	NSFOCUS	id:	47402	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0991	Trust: 0.6
db:	IVD	id:	5AD27D7F-0121-4265-92FA-4B092E75195D	Trust: 0.2
db:	IVD	id:	19D1944F-19D9-4CBF-98FA-7157B5458738	Trust: 0.2
db:	IVD	id:	CC3A18B3-4A54-475C-A2EB-B6FBA5AB6EE3	Trust: 0.2

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-077-01	Trust: 3.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6976	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6976	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0991/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47402	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-20-310/	Trust: 0.6

sources: ZDI: ZDI-20-310 // CNVD: CNVD-2020-17486 // JVNDB: JVNDB-2020-003021 // CNNVD: CNNVD-202003-1032 // NVD: CVE-2020-6976

CREDITS

Natnael Samson (@NattiSamson)

Trust: 0.7

sources: ZDI: ZDI-20-310

SOURCES

db:	IVD	id:	5ad27d7f-0121-4265-92fa-4b092e75195d
db:	IVD	id:	19d1944f-19d9-4cbf-98fa-7157b5458738
db:	IVD	id:	cc3a18b3-4a54-475c-a2eb-b6fba5ab6ee3
db:	ZDI	id:	ZDI-20-310
db:	CNVD	id:	CNVD-2020-17486
db:	JVNDB	id:	JVNDB-2020-003021
db:	CNNVD	id:	CNNVD-202003-1032
db:	NVD	id:	CVE-2020-6976

LAST UPDATE DATE

2024-11-23T22:11:35.423000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-310	date:	2020-03-17T00:00:00
db:	CNVD	id:	CNVD-2020-17486	date:	2020-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-003021	date:	2020-04-01T00:00:00
db:	CNNVD	id:	CNNVD-202003-1032	date:	2020-08-05T00:00:00
db:	NVD	id:	CVE-2020-6976	date:	2024-11-21T05:36:25.160

SOURCES RELEASE DATE

db:	IVD	id:	5ad27d7f-0121-4265-92fa-4b092e75195d	date:	2020-03-17T00:00:00
db:	IVD	id:	19d1944f-19d9-4cbf-98fa-7157b5458738	date:	2020-03-17T00:00:00
db:	IVD	id:	cc3a18b3-4a54-475c-a2eb-b6fba5ab6ee3	date:	2020-03-17T00:00:00
db:	ZDI	id:	ZDI-20-310	date:	2020-03-17T00:00:00
db:	CNVD	id:	CNVD-2020-17486	date:	2020-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-003021	date:	2020-04-01T00:00:00
db:	CNNVD	id:	CNNVD-202003-1032	date:	2020-03-17T00:00:00
db:	NVD	id:	CVE-2020-6976	date:	2020-03-18T14:15:16.803