April 17, 2019
Severity
High
Analysis Summary
CVE-2019-10947
Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.
CVE-2019-10951
Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.
CVE-2019-10949
Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files.
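All three CVEs above come down to a length taken from the project file being used without validation. The following C code is an added example, not code from Delta or from the original advisory; the length-prefixed record layout, `FIELD_MAX`, and the function names are assumptions made for illustration. It puts the unchecked copy beside a version that checks the length against both the input and the destination.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIELD_MAX 32  /* destination capacity, assumed for this example */
enum pf_status { PF_OK = 0, PF_TRUNCATED, PF_TOO_LONG };

/* Hypothetical record: [u16 little-endian length][length bytes].
 * Constructed for illustration; not CNCSoft's real project-file layout. */

/* Vulnerable pattern: trusts the length stored in the file. */
void read_field_unchecked(const uint8_t *file, size_t off, char *dst)
{
    size_t len = file[off] | ((size_t)file[off + 1] << 8);
    memcpy(dst, file + off + 2, len); /* can overrun dst and read past file */
    dst[len] = '\0';
}

/* Hardened form: the length is checked against source and destination. */
enum pf_status read_field(const uint8_t *file, size_t file_len, size_t off,
                          char dst[FIELD_MAX + 1], size_t *next)
{
    /* Is the 2-byte header inside the file? Subtract so nothing can wrap. */
    if (off > file_len || file_len - off < 2)
        return PF_TRUNCATED;
    size_t len = file[off] | ((size_t)file[off + 1] << 8);
    size_t data = off + 2;
    if (len > file_len - data)   /* would read out of bounds */
        return PF_TRUNCATED;
    if (len > FIELD_MAX)         /* would overflow the stack or heap buffer */
        return PF_TOO_LONG;
    memcpy(dst, file + data, len);
    dst[len] = '\0';
    *next = data + len;          /* offset of the following record */
    return PF_OK;
}

/* Constructed samples: valid, lying about its length, too long for dst. */
static const uint8_t good[]  = { 0x04, 0x00, 'A', 'X', 'I', 'S' };
static const uint8_t lying[] = { 0x10, 0x00, 'A', 'B' }; /* claims 16, has 2 */
static const uint8_t toolong[2 + 40] = { 40, 0 };        /* 40 bytes present */

int main(void)
{
    char name[FIELD_MAX + 1];
    size_t next = 0;
    return read_field(good, sizeof good, 0, name, &next) == PF_OK
        && read_field(lying, sizeof lying, 0, name, &next) == PF_TRUNCATED
        && read_field(toolong, sizeof toolong, 0, name, &next) == PF_TOO_LONG ? 0 : 1;
}
```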
Impact
- Information disclosure
- Remote code execution
- Application crash
Affected Vendors
Delta
Affected Products
Delta Industrial Automation CNCSoft
Remediation
The vendor recommends the following:
Update to the latest version of ScreenEditor 1.00.89. This updated version can be found at:
http://www.deltaww.com/services/DownloadCenter2.aspx?secID=8&pid=2&tid=0&CID=06&itemID=060202&typeID=1&downloadID=&title=&dataType=8;&check=1&hl=en-US