Delta Electronics CNCSoft-G2 (Update A)

Plan Patch7.8ICS-CERT ICSA-24-191-01Jul 9, 2024

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Delta Electronics CNCSoft-G2 versions 2.0.0.5 and earlier than 2.1.0.20 contain multiple buffer overflow vulnerabilities (CWE-121, CWE-787, CWE-125, CWE-122) that could allow remote code execution if a user opens a malicious file. The vulnerabilities are not remotely exploitable over the network but require local user interaction—specifically, opening a crafted file in the application. Successful exploitation would grant an attacker code execution on the engineering workstation with the ability to modify CNC machine programs and parameters.

What this means

What could happen

A user could trigger a buffer overflow in CNCSoft-G2 by opening a malicious file, allowing an attacker to execute arbitrary code on the engineering workstation. This could enable modification of CNC machine programs or control parameters before they reach the shop floor.

Who's at risk

Any organization operating CNC machines programmed or configured through Delta Electronics CNCSoft-G2. This includes manufacturers using multi-axis CNC machining centers, precision manufacturers, and job shops. Engineering and programming teams are directly at risk.

How it could be exploited

An attacker creates a malicious file (likely a project or document file) and sends it to an engineer. When the engineer opens the file in CNCSoft-G2, the buffer overflow is triggered, and the attacker's code runs with the privileges of the CNCSoft-G2 process on that workstation. From there, the attacker could modify machine programs or configuration before they are deployed to CNC equipment.

Prerequisites

User interaction required - engineer must open a malicious file in CNCSoft-G2
Access to send file to target user (email, file share, USB)
Vulnerable version of CNCSoft-G2 installed (2.0.0.5 or ≤2.1.0.10)
CNCSoft-G2 must be running on the engineer's workstation

User interaction requiredLow complexityLocal access only (file-based attack vector)High CVSS score (7.8)Affects engineering workstations that control production equipment

Exploitability

Low exploit probability (EPSS 0.6%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

CNCSoft-G2: <=2.1.0.10≤ 2.1.0.102.1.0.20 or later

CNCSoft-G2: 2.0.0.52.0.0.52.1.0.20 or later

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDEducate engineers not to open unsolicited file attachments or files from untrusted sources in CNCSoft-G2

HARDENINGRestrict file sharing and email attachment capabilities to engineering workstations; consider blocking executable attachments

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Delta CNCSoft-G2 to version 2.1.0.20 or later

Long-term hardening

0/1

HARDENINGIsolate engineering workstations running CNCSoft-G2 from the business network and the Internet using network segmentation or a DMZ

CVEs (5)

CVE-2024-39880 CVE-2024-39881 CVE-2024-39882 CVE-2024-39883 CVE-2025-22880

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/95936690-99ea-41d0-86ec-e174e198719d