CVE-2024-4192

Published Apr 30, 2024

Last updated 8 months ago

CVSS high 7.8
ICS

Overview

Description
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Source
ics-cert@hq.dhs.gov
NVD status
Analyzed
Products
cncsoft-g2

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

ics-cert@hq.dhs.gov
CWE-121

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.CVE-2026-3094
  2. ASDA-Soft Stack-based Buffer Overflow VulnerabilityCVE-2026-1361
  3. Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.CVE-2025-58317
  4. Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.CVE-2025-58319
  5. Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.CVE-2025-47728

References

Sources include official advisories and independent security research.