OTPulse
FeedAboutContact

Delta Electronics CNCSoft ScreenEditor

Plan Patch7.8ICS-CERT ICSA-21-110-04Apr 20, 2021
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Delta Electronics CNCSoft ScreenEditor versions 1.01.28 and earlier with ScreenEditor version 1.01.2 contain a buffer overflow vulnerability (CWE-125) that could allow arbitrary code execution if a user opens a malicious file. The vulnerability is exploitable only through local access and requires user action to open a crafted file; it is not remotely exploitable. Delta Electronics has released update v1.01.30 to address this issue.

What this means
What could happen
An attacker could execute arbitrary code on a system running vulnerable CNCSoft ScreenEditor, potentially compromising the integrity of CNC machine control programs or engineering configurations used to manage industrial equipment.
Who's at risk
Manufacturing and industrial control facilities using Delta Electronics CNCSoft for CNC machine programming and configuration. This affects engineering workstations where CNC program development occurs, and any system where ScreenEditor is used to create or modify control logic for machine tools.
How it could be exploited
An attacker would need to trick a user into opening a malicious file (likely a crafted ScreenEditor project or document) on a machine with vulnerable CNCSoft ScreenEditor installed. When the file is opened, the vulnerability could allow the attacker's code to run with the privileges of the user who opened the file.
Prerequisites
  • Local file system access or ability to deliver a malicious file to a user
  • User action required: victim must open a malicious ScreenEditor file or project
  • Vulnerable version of CNCSoft ScreenEditor installed (v1.01.28 or earlier with ScreenEditor v1.01.2)
Arbitrary code execution capabilityUser interaction required (file opening)Social engineering attack vectorAffects engineering/programming environment
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
ProductAffected VersionsFix Status
CNCSoft:≤ 1.01.28 (with ScreenEditor Version 1.01.2)v1.01.30
Remediation & Mitigation
0/3
Do now
0/1
HARDENINGEducate users not to open unsolicited attachments or click suspicious links in email, especially files claiming to be ScreenEditor projects
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CNCSoft ScreenEditor to version v1.01.30 or later on all affected systems
Long-term hardening
0/1
HARDENINGImplement file-level access controls to restrict who can modify ScreenEditor project files on engineering workstations
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/d6860dd3-daba-4281-a8eb-136ff2529a79
Delta Electronics CNCSoft ScreenEditor | CVSS 7.8 - OTPulse