ICSA-19-106-01_Delta Industrial Automation CNCSoft

Plan Patch7.8ICS-CERT ICSA-19-106-01Apr 16, 2019

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

CNCSoft ScreenEditor versions 1.00.88 and earlier contain a buffer over-read vulnerability (CWE-125) in file handling. An attacker can craft a malicious ScreenEditor project file that, when opened by a user, reads beyond allocated memory boundaries. This could allow disclosure of sensitive data from the application's memory or cause the application to crash. The vulnerability requires local access and user action (opening the file) and is not remotely exploitable.

What this means

What could happen

An attacker with local access to a machine running CNCSoft ScreenEditor could read sensitive data, modify files, or crash the application through a buffer over-read vulnerability triggered by opening a malicious project file.

Who's at risk

Manufacturing facilities using Delta CNCSoft ScreenEditor for industrial process design and automation control are affected. This primarily impacts engineering teams and operators who create or modify control system configurations on workstations running the software.

How it could be exploited

An attacker must trick a user into opening a malicious ScreenEditor project file on a machine where ScreenEditor is installed. The file triggers a buffer over-read, allowing the attacker to read memory or corrupt the application's execution. This is typically delivered via email or a network share that the operator trusts.

Prerequisites

ScreenEditor installed on a machine with user access
User interaction required to open a malicious file
No direct network access needed; requires social engineering or local file delivery

requires user interaction (opens malicious file)low complexity exploitationaffects engineering software used in critical manufacturingno public exploit available but vulnerability is documented

Exploitability

Low exploit probability (EPSS 0.8%)

Affected products (1)

ProductAffected VersionsFix Status

CNCSoft ScreenEditor:≤ 1.00.881.00.89

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict ScreenEditor use to trusted, verified project files and disable automatic file opening

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CNCSoft ScreenEditor to version 1.00.89 or later

Long-term hardening

0/2

HARDENINGImplement network segmentation to isolate engineering workstations from business and internet networks

HARDENINGApply user awareness training on recognizing malicious email attachments and unsolicited files

CVEs (3)

CVE-2019-10947 CVE-2019-10951 CVE-2019-10949

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8ee56f16-dd8c-4e6f-ab4a-12ebaffd9860