Delta Electronics CNCSoft-G2 DOPSoft (Update A)

Plan Patch7.8ICS-CERT ICSA-24-121-01Apr 30, 2024

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

A buffer overflow vulnerability in Delta Electronics CNCSoft-G2 exists that allows arbitrary code execution when a user opens a malicious file in the application. The vulnerability affects CNCSoft-G2 versions 2.0.0.5 with DOPSoft v5.0.0.93 and 2.1.0.27 or earlier. This is not remotely exploitable and requires local access and user interaction to trigger. An attacker with ability to deliver a crafted file to an engineering workstation could execute code with the application's privileges, potentially modifying CNC programs or machine parameters.

What this means

What could happen

An attacker with local access to a machine running CNCSoft-G2 could execute arbitrary code with the privileges of the application, potentially allowing them to modify CNC programs, alter machine parameters, or disrupt manufacturing operations.

Who's at risk

This vulnerability affects manufacturing facilities that use Delta Electronics CNCSoft-G2 for CNC (Computer Numerical Control) programming and machine control. Engineering teams and operators who work with CNC machines running this software should be aware that older versions are vulnerable to local code execution attacks that could disrupt production.

How it could be exploited

An attacker must have local access to the machine where CNCSoft-G2 is installed and open a malicious file or interact with the application to trigger the buffer overflow. The attack vector is local and requires user interaction (opening a file), which typically happens when an engineer is lured to open a crafted file via email or file sharing.

Prerequisites

Local access to the machine running CNCSoft-G2
User interaction required (opening a malicious file or input)
Vulnerable version of CNCSoft-G2 installed (2.0.0.5 with DOPSoft v5.0.0.93 or 2.1.0.27 or earlier)

Local access requiredUser interaction neededBuffer overflow vulnerabilityCan lead to arbitrary code executionAffects CNC manufacturing control

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

CNCSoft-G2: <=2.1.0.27≤ 2.1.0.272.1.0.4 or later (CVE-2024-4192); 2.1.0.34 or later (CVE-2025-58319)

CNCSoft-G2: <=2.0.0.5_with_DOPSoft_v5.0.0.93≤ 2.0.0.5 with DOPSoft v5.0.0.932.1.0.4 or later (CVE-2024-4192); 2.1.0.34 or later (CVE-2025-58319)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict local access to engineering workstations running CNCSoft-G2 to authorized personnel only; implement physical access controls to machines hosting the software

HARDENINGEducate engineering staff to avoid opening files from untrusted sources, especially CNC program files received via email

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CNCSoft-G2 to version 2.1.0.4 or later to address CVE-2024-4192

HOTFIXUpdate CNCSoft-G2 to version 2.1.0.34 or later to address CVE-2025-58319

Long-term hardening

0/1

HARDENINGIsolate CNC programming networks from the business network using firewalls and air-gapping where possible

CVEs (2)

CVE-2024-4192 CVE-2025-58319

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d3feabdf-681e-49ec-9e6a-192cce400600