OTPulse
FeedAboutContact

Delta Industrial Automation CNCSoft

Monitor4.4ICS-CERT ICSA-19-050-02Feb 19, 2019
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Delta CNCSoft ScreenEditor versions 1.00.84 and earlier contain a buffer overflow vulnerability (CWE-125) in file handling. Successful exploitation can cause information disclosure or crash the application. The vulnerability requires local access and user interaction to open a malicious file. No public exploits are known. This vulnerability is not remotely exploitable.

What this means
What could happen
A buffer overflow in CNCSoft ScreenEditor could allow an attacker to disclose sensitive information or crash the application, disrupting engineering workflows for manufacturing automation systems.
Who's at risk
Manufacturing facilities using Delta CNCSoft ScreenEditor for CNC programming and machine control should be concerned. This affects engineering workstations that run the vulnerable version, not the production controllers themselves, but compromised workstations can be used to alter control programs.
How it could be exploited
An attacker must trick a user into opening a malicious file with CNCSoft ScreenEditor. The crafted file triggers a buffer overflow that either leaks memory contents or crashes the application. This is a local attack requiring user interaction.
Prerequisites
  • Access to a file that CNCSoft ScreenEditor will open
  • User interaction to open the malicious file
  • CNCSoft ScreenEditor version 1.00.84 or earlier installed on the workstation
Low complexity attackRequires user interactionLocal exploitation onlyAffects engineering workstation—not directly a runtime safety system but a tool to program them
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
CNCSoft ScreenEditor:≤ 1.00.841.01.15
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDRestrict interaction with CNCSoft ScreenEditor to trusted files only; do not open project files from untrusted sources
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CNCSoft ScreenEditor to version 1.01.15 or later
Long-term hardening
0/1
HARDENINGIsolate engineering workstations running CNCSoft from the business network and the Internet
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/dca0c310-c3a2-40b9-adb7-2c0759fd2648