Delta Electronics ASDA-Soft

Plan Patch7.8ICS-CERT ICSA-22-111-01Apr 21, 2022

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Delta Electronics ASDA-Soft versions 5.4.1.0 and earlier contain buffer overflow vulnerabilities (CWE-125, CWE-787) that may allow arbitrary code execution. The vulnerabilities require local access and user interaction (opening a malicious project file). No known public exploits exist, and the vulnerabilities are not remotely exploitable.

What this means

What could happen

An attacker could execute arbitrary code on a machine running ASDA-Soft by tricking a user into opening a malicious project file, potentially allowing them to modify control logic, steal system configurations, or disrupt your automation engineering environment.

Who's at risk

Delta Electronics ASDA-Soft users who use the software to program Delta drives and motion controllers, particularly electrical engineering and automation technicians at manufacturing facilities, water treatment plants, and utilities. The risk is highest in environments where engineers receive files from external sources or use shared file repositories.

How it could be exploited

An attacker crafts a malicious ASDA-Soft project file and sends it to an engineer or technician via email or file sharing. When the victim opens the file in ASDA-Soft versions 5.4.1.0 or earlier, the buffer overflow is triggered, allowing arbitrary code execution on the workstation. The attacker could then access the engineering environment, modify PLC programs, or move laterally to the control network.

Prerequisites

Local access to a workstation running ASDA-Soft version 5.4.1.0 or earlier
User interaction required: engineer or technician must open a malicious project file
File can be delivered via email, USB drive, or network file share

low complexity exploitationuser interaction required (social engineering vector)affects engineering workstations that may have access to control networksno patch available for older unsupported versions

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

ASDA-Soft:≤ 5.4.1.05.5.0.0

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict opening of project files to those from verified trusted sources; do not open unsolicited file attachments or project files from unknown senders

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate ASDA-Soft to version 5.5.0.0 or later on all workstations

HARDENINGImplement file scanning and email filtering to detect and block suspicious project files before they reach users

Long-term hardening

0/1

HARDENINGIsolate engineering workstations from the business and control networks where feasible; use air-gapped networks or VPNs for remote engineering access

CVEs (2)

CVE-2022-1402 CVE-2022-1403

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9ff0b3fb-d9df-4500-a1de-da386d3917c0