CVE-2019-10949

Sažetak

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files.

Reference

http://www.securityfocus.com/bid/107989
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01
https://www.zerodayinitiative.com/advisories/ZDI-19-406/
https://www.zerodayinitiative.com/advisories/ZDI-19-407/
https://www.zerodayinitiative.com/advisories/ZDI-19-409/
https://www.zerodayinitiative.com/advisories/ZDI-19-411/
https://www.zerodayinitiative.com/advisories/ZDI-19-412/
https://www.zerodayinitiative.com/advisories/ZDI-19-413/
https://www.zerodayinitiative.com/advisories/ZDI-19-414/
https://www.zerodayinitiative.com/advisories/ZDI-19-415/
https://www.zerodayinitiative.com/advisories/ZDI-19-416/
https://www.zerodayinitiative.com/advisories/ZDI-19-418/
https://www.zerodayinitiative.com/advisories/ZDI-19-419/

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-10-2019 - 23:45

Objavljeno

17-04-2019 - 15:29