Delta Electronics CNCSoft-G2
Plan Patch
CVSS 7.8
ICS-CERT ICSA-24-284-21
Oct 10, 2024
Delta Electronics
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Delta Electronics CNCSoft-G2 version 2.1.0.10 and earlier contain buffer overflow and memory handling vulnerabilities (CWE-121, CWE-787, CWE-122, CWE-125, CWE-457) that allow code execution when a user opens a malicious file. The vulnerabilities are not remotely exploitable and require local file access or social engineering to trigger. Successful exploitation grants the attacker code execution with user privileges.
What this means
What could happen
An attacker with local access to a machine running CNCSoft-G2 could execute arbitrary code and gain full control of the system, potentially disrupting CNC machine operation, process programming, or control logic.
Who's at risk
Organizations operating Delta Electronics CNCSoft-G2 for CNC machine programming and control, including manufacturing facilities, machine shops, and automation integrators that use this software on engineering workstations.
How it could be exploited
An attacker must trick a user into opening a malicious attachment or file on a workstation running CNCSoft-G2. Upon successful exploitation, the attacker gains code execution with the privileges of the user who opened the file.
Prerequisites
- Local file access or ability to socially engineer a user into opening a malicious attachment
- CNCSoft-G2 version 2.1.0.10 or earlier installed and running
- User interaction required (user must open the malicious file)
local access required, requires user interaction, low exploit probability, low complexity attack, high impact (code execution)
Exploitability
Some exploitation risk — EPSS score 2.0%
Affected products (1)
Product | Affected Versions | Fix Status
CNCSoft-G2: 2.1.0.10 | 2.1.0.10 | 2.1.0.16+
Remediation & Mitigation
Do now
WORKAROUND: Restrict file-sharing and email attachments to engineering workstations running CNCSoft-G2; use email gateway controls to block executable and suspicious file types
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update CNCSoft-G2 to version 2.1.0.16 or later
Long-term hardening
HARDENING: Train users not to open unsolicited attachments or click links in unexpected emails