Delta Electronics CNCSoft ScreenEditor
Plan Patch7.8ICS-CERT ICSA-23-026-01Jan 26, 2023
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
A buffer overflow vulnerability exists in Delta Electronics CNCSoft ScreenEditor (version 1.01.5 and earlier). Successful exploitation could allow code execution on the engineering workstation. The overflow is triggered during file parsing when a user opens a malicious CNCSoft project or file. Delta Electronics has released CNCSoft version 1.01.34 which corrects the vulnerability. This vulnerability is not remotely exploitable and requires local access and user interaction.
What this means
What could happen
A buffer overflow in CNCSoft ScreenEditor could allow an attacker with local access to run arbitrary code on the engineering workstation, potentially compromising control system configuration files or enabling lateral movement to connected PLCs or HMIs.
Who's at risk
This vulnerability affects organizations using Delta Electronics CNCSoft for motion control or process automation engineering. Specifically, teams managing Delta PLC/motion controllers on manufacturing floors, packaging lines, or process automation systems that use the CNCSoft ScreenEditor to configure and test control logic are at risk.
How it could be exploited
An attacker must have local access to a workstation running CNCSoft ScreenEditor (versions 1.01.5 or earlier) and trick a user into opening a malicious file or project. The overflow occurs during file parsing, allowing code execution in the context of the engineering application.
Prerequisites
- Local file system access to the workstation running CNCSoft
- User interaction required—attacker must convince user to open a malicious CNCSoft project or file
- CNCSoft ScreenEditor version 1.01.5 or earlier must be installed
Low complexity exploitationLocal attack vector only—not remotely exploitableRequires user interactionAffects engineering workstations, not field devices
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
CNCSoft: CNCSoft: All< 1.01.341.01.34
CNCSoft: Running ScreenEditor: All≤ 1.01.51.01.34
Remediation & Mitigation
0/4
Do now
0/2HARDENINGRestrict physical and logical access to engineering workstations running CNCSoft; control who can place files on these systems
HARDENINGEducate operators and engineers not to open CNCSoft projects or files from untrusted sources
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate CNCSoft to version 1.01.34 or later
Long-term hardening
0/1HARDENINGIsolate control system engineering networks from the corporate network and the Internet using firewalls
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/2bb945ec-0f5e-4f5e-8092-9d982d5d6ed8