CVE-2022-4634 - Vulnerability Details - OpenCVE

All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01037.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Deltaww	Cncsoft Screeneditor

Configuration 1 [-]

OR	cpe:2.3:a:deltaww:cncsoft::::::::
	cpe:2.3:a:deltaww:screeneditor::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-51964	All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.

Fixes

Solution

Delta Electronics released an updated version of CNCSoft and recommends users update to v1.01.34 or later https://downloadcenter.deltaww.com/en-US/DownloadCenter .

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-01

History

Thu, 16 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-02-02T22:53:40.907Z

Updated: 2025-01-16T21:58:12.760Z

Reserved: 2022-12-21T19:00:45.471Z

Link: CVE-2022-4634

Vulnrichment

Updated: 2024-08-03T01:48:39.487Z

NVD

Status : Modified

Published: 2023-02-03T03:15:08.140

Modified: 2024-11-21T07:35:38.370

Link: CVE-2022-4634

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4634", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2022-12-21T19:00:45.471Z", "datePublished": "2023-02-02T22:53:40.907Z", "dateUpdated": "2025-01-16T21:58:12.760Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ScreenEditor", "vendor": "Delta Industrial Automation", "versions": [{"lessThanOrEqual": "1.01.5", "status": "affected", "version": "all versions", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CNCSoft", "vendor": "Delta Industrial Automation", "versions": [{"lessThan": "v1.01.34", "status": "affected", "version": "all versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Simon Humbert, working with Trend Micro Zero Day Initiative"}], "datePublic": "2023-01-26T15:14:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>All versions prior to Delta Electronic\u2019s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.</p>"}], "value": "All versions prior to Delta Electronic\u2019s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-02-02T22:53:40.907Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta Electronics released an updated version of CNCSoft and recommends users update to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&q=cncsoft&sort_expr=cdate&sort_dir=DESC\">v1.01.34 or later</a><span style=\"background-color: rgb(255, 255, 255);\">. </span>\n\n<br>"}], "value": "\nDelta Electronics released an updated version of CNCSoft and recommends users update to v1.01.34 or later https://downloadcenter.deltaww.com/en-US/DownloadCenter . \n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "CVE-2022-4634", "x_generator": {"engine": "VINCE 2.0.6", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2022-4634"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:39.487Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-01", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-16T20:32:07.343464Z", "id": "CVE-2022-4634", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T21:58:12.760Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-01", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:39.487Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-4634", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-16T20:32:07.343464Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T20:32:08.934Z"}}], "cna": {"title": "CVE-2022-4634", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Simon Humbert, working with Trend Micro Zero Day Initiative"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Delta Industrial Automation", "product": "ScreenEditor", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom", "lessThanOrEqual": "1.01.5"}], "defaultStatus": "unaffected"}, {"vendor": "Delta Industrial Automation", "product": "CNCSoft", "versions": [{"status": "affected", "version": "all versions", "lessThan": "v1.01.34", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nDelta Electronics released an updated version of CNCSoft and recommends users update to v1.01.34 or later https://downloadcenter.deltaww.com/en-US/DownloadCenter . \n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta Electronics released an updated version of CNCSoft and recommends users update to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&q=cncsoft&sort_expr=cdate&sort_dir=DESC\">v1.01.34 or later</a><span style=\"background-color: rgb(255, 255, 255);\">. </span>\n\n<br>", "base64": false}]}], "datePublic": "2023-01-26T15:14:00.000Z", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-01"}], "x_generator": {"env": "prod", "engine": "VINCE 2.0.6", "origin": "https://cveawg.mitre.org/api/cve/CVE-2022-4634"}, "descriptions": [{"lang": "en", "value": "All versions prior to Delta Electronic\u2019s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>All versions prior to Delta Electronic\u2019s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-02-02T22:53:40.907Z"}}}, "cveMetadata": {"cveId": "CVE-2022-4634", "state": "PUBLISHED", "dateUpdated": "2025-01-16T21:58:12.760Z", "dateReserved": "2022-12-21T19:00:45.471Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-02-02T22:53:40.907Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deltaww:cncsoft:*:*:*:*:*:*:*:*", "matchCriteriaId": "942E28CF-588F-465F-8200-10EADF03CD8B", "versionEndExcluding": "1.01.34", "vulnerable": true}, {"criteria": "cpe:2.3:a:deltaww:screeneditor:*:*:*:*:*:*:*:*", "matchCriteriaId": "783301BA-2578-438A-B06A-98111029C45D", "versionEndExcluding": "1.01.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "All versions prior to Delta Electronic\u2019s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.\n\n"}, {"lang": "es", "value": "Todas las versiones anteriores a la versi\u00f3n 1.01.34 de CNCSoft de Delta Electronic (que ejecutan las versiones 1.01.5 y anteriores de ScreenEditor) son vulnerables a un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, lo que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario de forma remota."}], "id": "CVE-2022-4634", "lastModified": "2024-11-21T07:35:38.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-03T03:15:08.140", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}