CVE-2019-10978

Summary

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.

Affected Software

VendorProductVersion RangeStatus
n/aRed Lion Controls Crimson (Windows configuration software)Version 3.0 and prior, Version 3.1 prior to release 3112.00affected

Weaknesses

  • CWE-119: IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References