Critical Vulnerability Information

1. Executive Summary

CVSS v3: 7.8
Note: Exploitable with a low skill level
Vendor: Delta Electronics
Device: Industrial Automation CNCSoft ScreenEditor
Vulnerabilities: Stack-based buffer overflow, out-of-bounds read, access to uninitialized pointer

2. Risk Assessment

Successful exploitation of these vulnerabilities may allow an attacker to read or modify information, execute arbitrary code, and/or cause the application to crash. All three issues are triggered when the application processes a specially crafted project file, so an attacker needs a user to open such a file.

3. Technical Details

3.1 Affected Products

Industrial Automation CNCSoft ScreenEditor versions 1.01.23 and earlier are affected.

3.2 Vulnerability Overview

3.2.1 Stack-based Buffer Overflow (CWE-121)

Multiple stack-based buffer overflow vulnerabilities may exist when processing specially crafted project files, potentially leading to arbitrary code execution, reading or modifying information, or application crashes. This vulnerability is assigned CVE-2020-16199, with a CVSS v3 base score of 7.8.

3.2.2 Out-of-bounds Read (CWE-125)

Multiple out-of-bounds read vulnerabilities may exist when processing specially crafted project files, potentially allowing an attacker to read information. This vulnerability is assigned CVE-2020-16201, with a CVSS v3 base score of 3.3.

3.2.3 Access to Uninitialized Pointer (CWE-824)

A vulnerability involving access to an uninitialized pointer may exist when processing specially crafted project files, potentially leading to reading or modifying information, arbitrary code execution, or application crashes. This vulnerability is assigned CVE-2020-16203, with a CVSS v3 base score of 7.8.

3.3 Background

Critical Infrastructure Sector: Critical Manufacturing
Deployment Countries/Regions: Global
Company Headquarters Location: Taiwan

4. Mitigation Measures

Upgrade to the latest version of CNCSoft ScreenEditor, Version 1.01.26.
Restrict the application to interacting with trusted files only: do not open project files from untrusted sources.
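The three weakness classes in section 3.2 share one root cause: a file parser that trusts length fields and section layout as the project file states them. The following is an added example, not Delta Electronics' code and not the real CNCSoft project file format; it uses a constructed, hypothetical record layout (a name length byte, a name, then tagged sections) and shows the bounds checks that prevent each class, with a comment on every check naming the CWE it blocks and the unchecked pattern it replaces. All sample files are constructed for the example.

```c
/* Added example, not Delta Electronics' code: a bounds-checked parser for a
 * constructed, hypothetical "project file" record layout, with each check
 * labelled by the CWE class from the advisory it prevents. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME   16   /* fixed-size buffers, the targets in the CWE-121 pattern */
#define MAX_POINTS 8
#define TAG_POINTS 0x01
#define TAG_END    0xFF

enum {
    PARSE_OK = 0,
    PARSE_ERR_TRUNCATED,        /* a length field points past the data we hold (CWE-125) */
    PARSE_ERR_NAME_TOO_LONG,    /* name_len would overrun name[] (CWE-121) */
    PARSE_ERR_TOO_MANY_POINTS,  /* point count would overrun points[] (CWE-121) */
    PARSE_ERR_ODD_SECTION,      /* points payload is not a whole number of u16 */
    PARSE_ERR_NO_POINTS         /* no POINTS section: the data pointer was never set (CWE-824) */
};

typedef struct {
    char     name[MAX_NAME];
    uint16_t points[MAX_POINTS];
    size_t   npoints;
} record_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hypothetical layout: [u8 name_len][name][ {u8 tag}{u16 LE len}{payload} ... ][0xFF 00 00]
 * A vulnerable parser copies name_len bytes and walks len bytes as the file states them;
 * this one checks every length against both the fixed buffer and the bytes actually read. */
int parse_record(const uint8_t *buf, size_t len, record_t *out)
{
    const uint8_t *pts = NULL;   /* initialized and tested before use: no CWE-824 */
    size_t npts = 0, off = 0;

    memset(out, 0, sizeof *out);
    if (len < 1) return PARSE_ERR_TRUNCATED;

    size_t name_len = buf[0];
    off = 1;
    if (name_len >= MAX_NAME)  return PARSE_ERR_NAME_TOO_LONG; /* unchecked memcpy here is CWE-121 */
    if (name_len > len - off)  return PARSE_ERR_TRUNCATED;     /* reading past buf is CWE-125 */
    memcpy(out->name, buf + off, name_len);
    out->name[name_len] = '\0';
    off += name_len;

    for (;;) {
        if (len - off < 3) return PARSE_ERR_TRUNCATED;          /* the 3-byte section header must fit */
        uint8_t tag = buf[off];
        size_t  sec_len = rd16(buf + off + 1);
        off += 3;
        if (tag == TAG_END) break;
        if (sec_len > len - off) return PARSE_ERR_TRUNCATED;    /* CWE-125: payload beyond file end */
        if (tag == TAG_POINTS) {
            if (sec_len % 2) return PARSE_ERR_ODD_SECTION;
            npts = sec_len / 2;
            if (npts > MAX_POINTS) return PARSE_ERR_TOO_MANY_POINTS; /* CWE-121 on points[] */
            pts = buf + off;
        }
        off += sec_len;   /* unknown tags are skipped, but only after the length check */
    }
    if (pts == NULL) return PARSE_ERR_NO_POINTS; /* dereferencing pts here regardless would be CWE-824 */
    for (size_t i = 0; i < npts; i++) out->points[i] = rd16(pts + 2 * i);
    out->npoints = npts;
    return PARSE_OK;
}

/* Constructed sample files (not real CNCSoft data). */
static const uint8_t FILE_VALID[] = {
    0x05, 'A', 'X', 'I', 'S', '1',                        /* name "AXIS1" */
    TAG_POINTS, 0x04, 0x00, 0x10, 0x00, 0x20, 0x00,       /* two points: 16, 32 */
    TAG_END, 0x00, 0x00 };
static const uint8_t FILE_LONG_NAME[] = { 0xFF, 'A', 'B', 'C' };   /* name_len 255, 3 bytes present */
static const uint8_t FILE_SHORT_SECTION[] = {
    0x05, 'A', 'X', 'I', 'S', '1', TAG_POINTS, 0x10, 0x00, 0x10, 0x00 }; /* claims 16 bytes, has 2 */
static const uint8_t FILE_NO_POINTS[] = {
    0x05, 'A', 'X', 'I', 'S', '1', TAG_END, 0x00, 0x00 };
static const uint8_t FILE_MANY_POINTS[] = {
    0x01, 'Z', TAG_POINTS, 0x12, 0x00,
    1,0, 2,0, 3,0, 4,0, 5,0, 6,0, 7,0, 8,0, 9,0,          /* nine points, buffer holds eight */
    TAG_END, 0x00, 0x00 };

int main(void)
{
    record_t r;
    int rc = parse_record(FILE_VALID, sizeof FILE_VALID, &r);
    printf("valid: rc=%d name=%s npoints=%zu\n", rc, r.name, r.npoints);
    printf("long name: rc=%d\n", parse_record(FILE_LONG_NAME, sizeof FILE_LONG_NAME, &r));
    printf("short section: rc=%d\n", parse_record(FILE_SHORT_SECTION, sizeof FILE_SHORT_SECTION, &r));
    printf("no points: rc=%d\n", parse_record(FILE_NO_POINTS, sizeof FILE_NO_POINTS, &r));
    printf("too many points: rc=%d\n", parse_record(FILE_MANY_POINTS, sizeof FILE_MANY_POINTS, &r));
    return 0;
}
```

The design point is that every length is checked twice: once against the fixed destination buffer (the stack or struct array an overflow would smash) and once against the number of bytes actually read from disk (what an out-of-bounds read would exceed), and every pointer derived from the file is initialized to NULL and tested before it is dereferenced. The same three checks, applied per field, are what a fix for the advisory's three CVEs has to add to the project file loader.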