OTPulse
FeedAboutContact

Delta Electronics CNCSoft

Plan Patch7.8ICS-CERT ICSA-21-334-03Nov 30, 2021
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

CNCSoft versions 1.01.30 and earlier contain a stack-based buffer overflow (CWE-121) that allows arbitrary code execution. The vulnerability requires local access and user interaction to trigger, such as opening a malicious file. Successful exploitation could allow an attacker to run code with the privileges of the logged-in user, potentially altering CNC programs, production parameters, or machine behavior.

What this means
What could happen
An attacker with local access to a system running CNCSoft could execute arbitrary code with the privileges of the logged-in user, potentially allowing them to modify CNC program parameters, alter production settings, or disrupt manufacturing operations.
Who's at risk
Manufacturing facilities and machine shops using Delta Electronics CNCSoft for CNC machine programming and control. This affects engineering workstations and production control systems that run CNCSoft for tool path generation, parameter configuration, and machine communication.
How it could be exploited
An attacker must first gain local access to a machine running vulnerable CNCSoft (version 1.01.30 or earlier). They could then trigger the vulnerability through a malicious file or user interaction—such as opening a crafted document or project file—to execute arbitrary code on the system.
Prerequisites
  • Local access to a Windows system running CNCSoft
  • User interaction required (opening a file or triggering a specific action)
  • CNCSoft version 1.01.30 or earlier installed
Local access requiredUser interaction requiredAffects machine control and production programmingNo public exploit available
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
ProductAffected VersionsFix Status
CNCSoft:≤ 1.01.301.01.31
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict physical and local network access to engineering workstations running CNCSoft
HARDENINGTrain users not to open unsolicited email attachments or click untrusted links that could deliver malicious files to CNCSoft systems
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade CNCSoft to version 1.01.31 or later on all affected systems
Long-term hardening
0/1
HARDENINGIsolate CNC programming and control system networks from the business network using firewalls
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/9c52f866-e5f6-47b0-b0ef-22551d279783