OTPulse

Delta Industrial Automation CNCSoft ScreenEditor

Plan Patch · CVSS 7.8 · ICS-CERT ICSA-19-192-01 · Jul 11, 2019
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Delta Electronics ScreenEditor version 1.00.89 and earlier contains a buffer overflow vulnerability (CWE-122, CWE-125) in file parsing. Successful exploitation could allow information disclosure, remote code execution, or application crash when a user opens a malicious file. The vulnerability is triggered by parsing specially crafted input and does not require special privileges or authentication.

What this means
What could happen
A buffer overflow in ScreenEditor could allow an attacker to run arbitrary code on a machine running the software, potentially compromising the engineering workstation and any control systems it manages. In a manufacturing environment, this could lead to unauthorized modification of industrial control logic or process interruption.
Who's at risk
Manufacturing facilities and discrete process industries that use Delta Electronics ScreenEditor for PLC and motion control programming. Engineering teams, commissioning contractors, and maintenance personnel who open project files or design files in ScreenEditor are at direct risk. Any production line or machine controlled by a PLC configured with ScreenEditor could be indirectly affected if the engineering workstation is compromised.
How it could be exploited
An attacker would trick a user into opening a malicious file (drawing, configuration, or project file) in ScreenEditor. When the application parses the file, the buffer overflow is triggered, allowing the attacker to execute code with the privileges of the user running ScreenEditor. If ScreenEditor runs on an engineering workstation with access to PLCs or control networks, the attacker gains a foothold to further compromise industrial systems.
Prerequisites
  • User must open a crafted file in ScreenEditor
  • ScreenEditor must be installed and running on an accessible machine
  • No special file permissions or credentials required
  • Low complexity exploitation (malicious file)
  • User interaction required (must open file)
  • No authentication required
  • Affects engineering software used to program safety and process control systems
  • No patch available for older versions still in use
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product | Affected Versions | Fix Status
CNCSoft ScreenEditor | ≤ 1.00.89 | 1.00.94
Remediation & Mitigation
Do now
WORKAROUND: Restrict ScreenEditor file access to only trusted, validated project and configuration files from known sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ScreenEditor to version 1.00.94 or later
Long-term hardening
HARDENING: Isolate engineering workstations running ScreenEditor from the business network behind a firewall; only allow direct connections from authorized maintenance and engineering devices
HARDENING: Train users not to open unsolicited files or click unexpected links that could deliver malicious project files
Delta Industrial Automation CNCSoft ScreenEditor | CVSS 7.8 - OTPulse