Delta Industrial Automation CNCSoft ScreenEditor

Plan Patch7.8ICS-CERT ICSA-20-217-01Aug 4, 2020

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Delta Electronics CNCSoft ScreenEditor versions 1.01.23 and earlier contain buffer overflow (CWE-121), out-of-bounds read (CWE-125), and unchecked array indexing (CWE-824) vulnerabilities in file processing. Successful exploitation allows an attacker to read or modify information, execute arbitrary code, or crash the application. These vulnerabilities are not remotely exploitable; an attacker must trick a user into opening a malicious file.

What this means

What could happen

An attacker with access to a workstation running CNCSoft ScreenEditor could modify or read design files, execute arbitrary code on that workstation, or crash the application, potentially disrupting the engineering workflow for CNC machine programming and commissioning.

Who's at risk

Manufacturing organizations using Delta Electronics CNCSoft ScreenEditor for CNC machine programming and commissioning should assess their exposure. This affects engineering teams and machine builders who rely on this software for design and configuration workflows.

How it could be exploited

An attacker would need to trick a user into opening a malicious file (e.g., via email attachment or compromised share) with ScreenEditor. The application would then process the malicious file content, triggering buffer overflow, out-of-bounds read, or memory corruption vulnerabilities that allow code execution or data theft on the engineering workstation.

Prerequisites

User must open a malicious file in ScreenEditor (social engineering required)
File must be in a format ScreenEditor processes (design or project file)
Local access to the workstation running ScreenEditor

low complexity exploitationuser interaction required (social engineering)local access only (not remotely exploitable)affects engineering workstations (could disrupt commissioning)

Exploitability

Moderate exploit probability (EPSS 1.3%)

Affected products (1)

ProductAffected VersionsFix Status

Industrial Automation CNCSoft ScreenEditor:≤ 1.01.231.01.26

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict ScreenEditor to open only trusted, internally-sourced design files; block users from opening files from email or untrusted shares

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CNCSoft ScreenEditor to version 1.01.26 or later

Long-term hardening

0/1

HARDENINGTrain users to not click email links or open unsolicited attachments, especially files from external senders

CVEs (3)

CVE-2020-16199 CVE-2020-16201 CVE-2020-16203

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/dec789ec-8313-42f4-8eac-4e29289160ea