Delta Electronics CNCSoft ScreenEditor

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-21-124-02 | May 4, 2021
Delta Electronics
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

CNCSoft ScreenEditor versions before 1.01.30 contain an out-of-bounds write vulnerability (CWE-787) that can be triggered by opening a specially crafted file. Successful exploitation could crash the application or allow arbitrary code execution on the workstation. The vulnerability requires user interaction to open a malicious file, typically via social engineering or email attachment.

What this means
What could happen
An attacker who tricks a user into opening a malicious file could crash CNCSoft ScreenEditor or execute arbitrary code on the engineering workstation, potentially affecting downstream control systems that depend on the software for configuration and monitoring.
Who's at risk
Engineering and automation teams at utilities, manufacturers, and facilities that use Delta Electronics CNCSoft ScreenEditor to configure and manage industrial control systems. This includes power plants, water treatment facilities, HVAC systems, and manufacturing lines that rely on CNCSoft for PLC and motion controller configuration.
How it could be exploited
An attacker crafts a specially formatted file (such as a project file or document) and delivers it via email or social engineering. When a user opens the file in CNCSoft ScreenEditor, an out-of-bounds write occurs in memory, allowing the attacker to execute arbitrary code with the privileges of the logged-in user.
Prerequisites
  • User interaction required: victim must open the malicious file in CNCSoft ScreenEditor
  • File must be in a format CNCSoft ScreenEditor can parse
  • Attacker must have a delivery mechanism (email, USB, file share)
  • User interaction required (reduces remote exploit likelihood but increases social engineering risk)
  • Potential code execution on engineering workstation
  • Affects configuration tool (could compromise downstream control systems if workstation is trusted)
  • CVSS 7.8 (high)
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (1)
Product | Affected Versions | Fix Status
CNCSoft ScreenEditor | < 1.01.30 | 1.01.30
Remediation & Mitigation
Do now
WORKAROUND: Restrict the ability to open CNCSoft ScreenEditor project files to trusted sources only; disable opening files from untrusted locations or disable the feature if not operationally necessary
HARDENING: Train users not to open unsolicited email attachments and to verify the source of any files before opening in engineering tools
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CNCSoft ScreenEditor to version 1.01.30 or later on all engineering workstations
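
To track the update across engineering workstations, the added example below (not part of the advisory or any Delta Electronics tooling) triages a software inventory export against the fixed version 1.01.30. The CSV layout, hostnames and sample versions are constructed, and it assumes version components compare numerically, so a plain string comparison would misjudge a value such as 1.01.4.

```python
import csv
import io

FIXED = (1, 1, 30)  # 1.01.30, the fixed version stated in the advisory

# Constructed sample inventory export; hostnames and versions are invented.
SAMPLE_INVENTORY = """hostname,product,version
eng-ws-01,CNCSoft ScreenEditor,1.01.28
eng-ws-02,CNCSoft ScreenEditor,1.01.30
eng-ws-03,CNCSoft ScreenEditor,1.01.4
eng-ws-04,CNCSoft ScreenEditor,1.02.01
eng-ws-05,CNCSoft ScreenEditor,unknown
eng-ws-06,Other Tool,0.9.0
"""

def parse_version(text):
    """Turn '1.01.30' into (1, 1, 30); return None if not dotted integers."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv, product="CNCSoft ScreenEditor", fixed=FIXED):
    """Return {hostname: status}; status is 'vulnerable', 'fixed' or 'review'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip() != product:
            continue  # a different product is out of scope for this advisory
        version = parse_version(row["version"])
        if version is None:
            # Unparseable version: do not assume patched, check by hand.
            status = "review"
        else:
            # Pad to equal length so (1, 1) compares as (1, 1, 0).
            width = max(len(version), len(fixed))
            v = version + (0,) * (width - len(version))
            f = fixed + (0,) * (width - len(fixed))
            status = "vulnerable" if v < f else "fixed"
        results[row["hostname"]] = status
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```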