

Rewterz Threat Advisory – CVE-2019-10639 – Linux Kernel “net_hash_mix()” Information Disclosure Vulnerability
July 11, 2019
Rewterz Threat Advisory – CVE-2019-10935 – Siemens SIMATIC WinCC and PCS7 Information Disclosure Vulnerability
July 12, 2019
Rewterz Threat Advisory – CVE-2019-10639 – Linux Kernel “net_hash_mix()” Information Disclosure Vulnerability
July 11, 2019
Rewterz Threat Advisory – CVE-2019-10935 – Siemens SIMATIC WinCC and PCS7 Information Disclosure Vulnerability
July 12, 2019Severity
Medium
Analysis Summary
CVE-2019-10982
Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.
CVE-2019-10992
Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files.
Impact
- Execution of arbitrary code
- Information disclosure
Affected Vendors
Delta Electronics
Affected Products
CNCSoft ScreenEditor
Remediation
Vendor recommends to update to the latest version:
latest version of ScreenEditor, Version 1.00.94