Delta Electronics CNCSoft ScreenEditor
Plan Patch · 7.8 · ICS-CERT ICSA-21-005-06 · Jan 5, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
A buffer overflow vulnerability in CNCSoft ScreenEditor (CWE-121) allows arbitrary code execution when a user opens a specially crafted project file. The vulnerability exists in versions prior to 1.01.26. This vulnerability is not remotely exploitable and requires local access and user interaction. Delta Electronics has released version 1.01.28 to address this issue.
What this means
What could happen
An attacker with local access could execute arbitrary code on systems running CNCSoft ScreenEditor, potentially allowing them to modify or disrupt manufacturing or process control operations if this software is integrated with production equipment.
Who's at risk
Manufacturing facilities and utilities that use Delta Electronics CNCSoft ScreenEditor for control system configuration and programming, particularly organizations with engineering workstations connected to or near production networks.
How it could be exploited
An attacker would need to trick a user into opening a malicious file (such as a project file) on a system where CNCSoft ScreenEditor is installed. When the file is opened, the vulnerability in the software's input handling could allow the attacker's code to run with the same privileges as the user running the application.
Prerequisites
- Local access to a system with CNCSoft ScreenEditor installed
- User interaction required (user must open a malicious file)
- CNCSoft ScreenEditor version earlier than 1.01.26
Local access required · User interaction required · Low complexity attack · Affects software used to program industrial controllers
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
CNCSoft ScreenEditor - CNCSoft ScreenEditor | < 1.01.26 | 1.01.28
Remediation & Mitigation
Do now
HARDENING: Restrict file access to ScreenEditor project files; only authorized engineering staff should be able to modify these files
WORKAROUND: Educate users not to open project files from untrusted sources
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
HOTFIX: Update CNCSoft ScreenEditor to version 1.01.28 or later on all systems
Long-term hardening
HARDENING: Disable or remove CNCSoft ScreenEditor from systems where it is no longer needed
CVEs (1)