An Out-of-bounds Read vulnerability is found in Delta Industrial Automation CNCSoft. The vulnerability is due to improper user input validation for processing project files. Successful exploitation of this vulnerability could cause a buffer overflow condition that may allow information disclosure or crash the application.
Affected versions: CNCSoft ScreenEditor Version 1.00.84 and prior
Researchers recommend taking the following defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. Locate control system networks and remote devices behind firewalls, and isolate them from the business network. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available.