Delta Electronics CNCSoft and ScreenEditor
Plan: Patch
CVSS: 8.8
Source: ICS-CERT ICSA-18-219-01
Published: Aug 7, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Buffer overflow vulnerabilities (CWE-121, CWE-125) in Delta Electronics CNCSoft and ScreenEditor allow an attacker to execute arbitrary code with administrator privileges if a user opens a crafted file. The vulnerabilities affect CNCSoft versions 1.00.83 and earlier, and ScreenEditor version 1.00.54. Successful exploitation could allow an attacker to gain remote code execution with administrator privileges, potentially modifying machine control logic or stealing sensitive manufacturing data.
What this means
What could happen
An attacker could gain remote code execution with administrator privileges on systems running vulnerable versions of Delta CNCSoft or ScreenEditor, potentially allowing them to modify control logic, steal process data, or disrupt machine operations.
Who's at risk
Engineering and manufacturing teams using Delta Electronics CNCSoft (CNC machine control software) and ScreenEditor (machine interface editor) are affected. This includes any facility with CNC machines, injection molding equipment, or other Delta-controlled manufacturing systems where these tools are used on engineering workstations or operator terminals.
How it could be exploited
An attacker with network access to a machine running the vulnerable software could craft a malicious file and trick a user into opening it through social engineering or by placing it on a network share. Once opened, the vulnerability allows the attacker to execute arbitrary commands with the privileges of the application user.
Prerequisites
- Network access to the workstation running CNCSoft or ScreenEditor
- User interaction required—a user must open a malicious file in the application
- File can be delivered via email, USB, or network share accessible to the target workstation
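The crafted-file mechanism described above, shown as an added illustration that is not Delta's code and not the real CNCSoft or ScreenEditor parser: a constructed, hypothetical record format whose length byte is read straight from the file, parsed once in the CWE-121/CWE-125 shape (a length trusted from the file drives a copy into a fixed stack buffer and a read past the end of the input) and once with the bounds checks that close both defects. The record layout, the function names and the sample bytes are assumptions made for this example.

```c
/* Added example, not Delta's code. Hypothetical record layout:
 *   [u8 name_len][name_len bytes of name][u16 little-endian value]          */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_MAX 32

typedef struct {
    char     name[NAME_MAX];
    uint16_t value;
} record_t;

/* Vulnerable shape (CWE-121 stack overflow, CWE-125 out-of-bounds read):
 * name_len comes from the file and is never compared with the stack
 * buffer size or with the number of bytes actually present in `buf`.
 * Kept here only to show the defect; never feed it untrusted input. */
int parse_record_unchecked(const uint8_t *buf, size_t len, record_t *out)
{
    char   name[NAME_MAX];            /* fixed-size stack buffer            */
    size_t name_len = buf[0];         /* attacker-controlled length         */
    (void)len;                        /* the input length is ignored: bug   */

    memcpy(name, buf + 1, name_len);  /* CWE-121 when name_len > NAME_MAX   */
    name[name_len] = '\0';            /* CWE-121 when name_len >= NAME_MAX  */
    /* CWE-125: indexes past `len` whenever name_len + 3 > len            */
    out->value = (uint16_t)(buf[1 + name_len] | (buf[2 + name_len] << 8));
    memcpy(out->name, name, name_len + 1);
    return 0;
}

/* Hardened form: every length taken from the file is validated against the
 * destination buffer and against the bytes remaining in the input before
 * it is used. Returns 0 on success, -1 if the record is malformed. */
int parse_record_checked(const uint8_t *buf, size_t len, record_t *out)
{
    if (buf == NULL || out == NULL || len < 1)
        return -1;
    size_t name_len = buf[0];
    if (name_len >= NAME_MAX)          /* name plus NUL must fit NAME_MAX    */
        return -1;
    if (len < 1 + name_len + 2)        /* value field must lie inside buf    */
        return -1;

    memcpy(out->name, buf + 1, name_len);
    out->name[name_len] = '\0';
    out->value = (uint16_t)(buf[1 + name_len] | ((uint16_t)buf[2 + name_len] << 8));
    return 0;
}

/* Constructed sample "files" (not real CNCSoft/ScreenEditor data). */
static const uint8_t good_file[] = { 5, 'A', 'X', 'I', 'S', '1', 0x34, 0x12 };
/* Claims a 200-byte name inside an 8-byte file: the crafted-file case.     */
static const uint8_t bad_file[]  = { 200, 'A', 'X', 'I', 'S', '1', 0x34, 0x12 };

int demo_good_checked(record_t *out)
{
    return parse_record_checked(good_file, sizeof good_file, out);
}

int demo_bad_checked(record_t *out)
{
    return parse_record_checked(bad_file, sizeof bad_file, out);
}

int main(void)
{
    record_t r;
    if (demo_good_checked(&r) == 0)
        printf("well-formed record: name=%s value=0x%04x\n", r.name, r.value);
    if (demo_bad_checked(&r) != 0)
        printf("crafted record rejected before any copy or read\n");
    return 0;
}
```

The hardened parser rejects the crafted record at the length check, so the oversized copy and the out-of-bounds read never happen; the unchecked one would have executed both with the same input. The same two checks (destination size and remaining input) are what a file-format fuzzing harness exercises when it mutates length fields.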
- Remotely exploitable
- Low complexity attack
- User interaction required
- No patch available for ScreenEditor
- High CVSS (8.8)
Exploitability
Moderate exploit probability (EPSS 4.8%)
Affected products (2)
1 with fix, 1 EOL
Product        Affected Versions   Fix Status
CNCSoft        ≤ 1.00.83           1.01.09
ScreenEditor   1.00.54             No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: For ScreenEditor, restrict the application to opening only trusted files and avoid opening files from untrusted sources until a fix is available.
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
HOTFIX: Update CNCSoft to version 1.01.09 or later from the Delta Electronics download center.
Mitigations - no patch available
ScreenEditor has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate all machines running CNCSoft and ScreenEditor from the Internet and from the business network using firewalls and network segmentation.
HARDENING: If remote access to these machines is required, use a VPN with strong authentication and keep the VPN software up to date.
CVEs (2)
API:
/api/v1/advisories/15599621-9883-4838-b045-c2ed800178db