1. EXECUTIVE SUMMARY
- CVSS v4 7.3
- ATTENTION: Low attack complexity
- Vendor: Delta Electronics
- Equipment: CNCSoft
- Vulnerabilities: Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current process.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Delta Electronics reports the following versions of CNCSoft, a human-machine interface, are affected:
- CNCSoft: v1.01.34 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
Delta Electronics CNCSoft does not properly validate user-supplied files. If a user opens a maliciously crafted file, an attacker can leverage this vulnerability to execute code within the context of the current process.
CVE-2025-47724 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-47724. A base score of 7.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).
3.2.2 OUT-OF-BOUNDS WRITE CWE-787
Delta Electronics CNCSoft does not properly validate user-supplied files. If a user opens a maliciously crafted file, an attacker can leve
[…]