Delta Industrial Automation CNCSoft (ICSA-19-106-01)

The NCCIC has published an advisory on stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read vulnerabilities in Delta Industrial Automation CNCSoft. Versions 1.00.88 and prior are affected. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application. Delta Electronics recommends updating to the latest version of ScreenEditor 1.00.89. The NCCIC also provides a list of recommended measures for addressing the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.