OTPulse

Delta Electronics CNCSoft

Plan Patch | 7.8 | ICS-CERT ICSA-22-132-01 | May 12, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Delta Electronics CNCSoft versions prior to 1.01.32 contain stack buffer overflow and out-of-bounds read vulnerabilities in project file handling. Successful exploitation allows arbitrary code execution or information disclosure when a user opens a malicious project file. The vulnerabilities are not remotely exploitable and require a user to open a crafted file. Delta Electronics has released version 1.01.32 with fixes.

What this means
What could happen
An attacker could execute arbitrary code on a workstation running CNCSoft by tricking a user into opening a malicious project file, potentially allowing them to modify CNC machine programs or steal sensitive manufacturing data.
Who's at risk
Manufacturing facilities and machine shops that use Delta Electronics CNCSoft for CNC machine programming. This affects engineering and production staff who use CNCSoft to create or modify machine control programs.
How it could be exploited
An attacker crafts a malicious CNCSoft project file and sends it to a user (via email or file sharing). When the user opens the file in CNCSoft, the vulnerability (stack buffer overflow or out-of-bounds read) is triggered, allowing the attacker to run arbitrary code on the workstation with the privileges of the user running CNCSoft.
Prerequisites
  • User must open a malicious CNCSoft project file (.pjt or similar)
  • CNCSoft must be installed on the workstation
  • User must have file-opening privileges on the workstation
low complexity | user interaction required (file opening) | stack buffer overflow and out-of-bounds read vulnerabilities | could lead to arbitrary code execution
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
CNCSoft: All | < 1.01.32 | 1.01.32
Remediation & Mitigation
Do now
HARDENING: Train users to only open project files from trusted sources and avoid clicking links or opening attachments from unsolicited emails
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CNCSoft to version 1.01.32 or later
Long-term hardening
HARDENING: Implement email filtering and user awareness training to reduce social engineering risk