Delta Electronics CNCSoft-G2
Plan Patch · CVSS 7.8 · ICS-CERT ICSA-25-063-06 · Mar 4, 2025
Delta Electronics
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
CNCSoft-G2 versions up to v2.1.0.10 contain a vulnerability (CWE-122) that could allow an attacker to execute code locally. The vulnerability requires user interaction (such as clicking a link or opening an attachment) and local access to the system. It is not remotely exploitable.
What this means
What could happen
An attacker with local access who can trick a user into clicking a malicious link or opening an attachment could execute arbitrary code on the CNCSoft-G2 system, potentially allowing them to modify control logic, alter process parameters, or disrupt manufacturing or industrial operations.
Who's at risk
Manufacturing and industrial automation facilities using Delta Electronics CNCSoft-G2 (versions v2.1.0.10 or earlier) for CNC machine control, process automation, or motion control should prioritize updating this software. Risk is highest in environments where engineering workstations or operator terminals are connected to email or general internet access.
How it could be exploited
An attacker creates a malicious email or internet link targeting a CNCSoft-G2 operator or engineer. When the user clicks the link or opens an attachment on a system running vulnerable CNCSoft-G2, the attacker's code executes with the privileges of the logged-in user. From there, the attacker can modify control software, process setpoints, or stop operations.
Prerequisites
- Local access to the CNCSoft-G2 system
- User interaction required (clicking a malicious link or opening an attachment)
- CNCSoft-G2 version v2.1.0.10 or earlier running on the target system
low complexity · user interaction required · local access only, not remotely exploitable · affects industrial control software
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| CNCSoft-G2: <=V2.1.0.10 | ≤ V2.1.0.10 | v2.1.0.20 |
Remediation & Mitigation
Do now
HARDENING: Train operators and engineers to avoid clicking links in unsolicited emails and opening unexpected attachments, especially on systems running CNCSoft-G2
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
HOTFIX: Update CNCSoft-G2 to version v2.1.0.20 or later
Long-term hardening
HARDENING: Isolate CNCSoft-G2 systems and engineering workstations from the general business network using a firewall or network segmentation
CVEs (1)