ID | CVE-2019-10951 |
Summary | Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. |
References | |
Vulnerable Configurations | |
CVSS | Base: | 6.8 (as of 02-10-2020 – 14:43) | Impact: | | Exploitability: | |
|
CWE | CWE-787 |
CAPEC | |
Access | Vector | Complexity | Authentication | NETWORK | MEDIUM | NONE |
|
Impact | Confidentiality | Integrity | Availability | PARTIAL | PARTIAL | PARTIAL |
|
cvss-vector via4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
refmap via4 | |
Last major update | 02-10-2020 – 14:43 |
Published | 17-04-2019 – 15:29 |
Last modified | 02-10-2020 – 14:43 |