CVE-2019-10947
CVE-2019-10947
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 3.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
17 abr 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.
Productos afectados
n/a · Delta Industrial Automation CNCSoft¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01https://www.zerodayinitiative.com/advisories/ZDI-19-399/https://www.zerodayinitiative.com/advisories/ZDI-19-400/https://www.zerodayinitiative.com/advisories/ZDI-19-401/https://www.zerodayinitiative.com/advisories/ZDI-19-402/https://www.zerodayinitiative.com/advisories/ZDI-19-403/https://www.zerodayinitiative.com/advisories/ZDI-19-404/https://www.zerodayinitiative.com/advisories/ZDI-19-410/https://www.zerodayinitiative.com/advisories/ZDI-19-417/http://www.securityfocus.com/bid/107989