March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – AutoIt-Wrapped NanoCore RAT Malspam – Threat Indicators
April 16, 2019
Rewterz Threat Advisory – CVE-2019-10712 – WAGO Series 750-88x and 750-87x Undocumented Service Access Vulnerability
April 17, 2019
Rewterz Threat Alert – AutoIt-Wrapped NanoCore RAT Malspam – Threat Indicators
April 16, 2019
Rewterz Threat Advisory – CVE-2019-10712 – WAGO Series 750-88x and 750-87x Undocumented Service Access Vulnerability
April 17, 2019
Severity
High
Analysis Summary
CVE-2019-10947
Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.
CVE-2019-10951
Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.
CVE-2019-10949
Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files.
Impact
- Information disclosure,
- Remote code execution
- Crash the application.
Affected Vendors
Delta
Affected Products
Delta Industrial Automation CNCSoft
Remediation
Vendor recommends the following:
Update to the latest version of ScreenEditor 1.00.89. This updated version can be found at:
http://www.deltaww.com/services/DownloadCenter2.aspx?secID=8&pid=2&tid=0&CID=06&itemID=060202&typeID=1&downloadID=&title=&dataType=8;&check=1&hl=en-US