OTPulse

Delta Electronics CNCSoft-G2

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-25-063-06 | Mar 4, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Delta Electronics CNCSoft-G2 versions v2.1.0.10 and earlier contain a buffer overflow vulnerability (CWE-122) that could allow an attacker to execute arbitrary code on the affected system. The vulnerability requires local access and user interaction to exploit.

What this means
What could happen
An attacker with local access to a workstation running CNCSoft-G2 could execute arbitrary commands on the machine, potentially allowing them to modify CNC program files, alter machine control parameters, or disrupt manufacturing operations controlled by the software.
Who's at risk
Manufacturing facilities and machine shops using Delta Electronics CNCSoft-G2 for CNC program development and control should be concerned. This affects engineering workstations and programming stations where CNC code is developed, edited, and uploaded to CNC machines. Any facility with CNCSoft-G2 version v2.1.0.10 or earlier is at risk.
How it could be exploited
An attacker would need to deliver a malicious file (likely via email attachment or USB) to a user with CNCSoft-G2 installed, then trick them into opening or processing the file within the application. This would trigger the buffer overflow, allowing code execution with the privileges of the user running the software.
Prerequisites
  • Local file system access to the machine running CNCSoft-G2
  • User interaction required (opening a malicious file in CNCSoft-G2)
  • CNCSoft-G2 version v2.1.0.10 or earlier must be installed
  • buffer overflow vulnerability
  • local code execution possible
  • requires user interaction
  • no patch currently available for all versions
  • affects software used to program industrial equipment
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
CNCSoft-G2: <=V2.1.0.10 | ≤ V2.1.0.10 | v2.1.0.20
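
An inventory triage against the versions in the table above, as an added example that is not part of the advisory or of Delta's tooling. Hostnames and version strings are constructed; installs between v2.1.0.10 and v2.1.0.20 are reported as "unlisted" because the advisory does not name them.

```python
import re

# Thresholds taken from the advisory's affected-products table.
LAST_AFFECTED = (2, 1, 0, 10)   # v2.1.0.10 and earlier are affected
FIRST_FIXED = (2, 1, 0, 20)     # v2.1.0.20 or later carries the fix

_VERSION_RE = re.compile(r"^[vV]?(\d+(?:\.\d+){0,3})$")


def parse_version(text):
    """Return a 4-part integer tuple, or None if the string is not a version."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version_text):
    """Map an installed version string to a triage status."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"        # unreadable inventory value: check by hand
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "unlisted"           # between the two versions the advisory names


def triage(inventory):
    """Group hostnames by status; inventory is (hostname, version) pairs."""
    report = {"affected": [], "unlisted": [], "unknown": [], "fixed": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("eng-ws-01", "V2.1.0.10"),
    ("eng-ws-02", "v2.1.0.20"),
    ("eng-ws-03", "2.0.0.5"),
    ("eng-ws-04", "v2.1.0.16"),
    ("cnc-prog-01", "not installed"),
    ("cnc-prog-02", "2.1.1"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts in the "unlisted" and "unknown" groups need a manual check or the same update as the affected ones.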
Remediation & Mitigation
Do now
WORKAROUND: Implement email security controls to block or quarantine suspicious attachments; train users not to open unexpected files from external sources
WORKAROUND: Disable or restrict removable media (USB drives) on workstations running CNCSoft-G2 to prevent malicious file transfer
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CNCSoft-G2 to version v2.1.0.20 or later
Long-term hardening
HARDENING: Restrict local access to workstations running CNCSoft-G2; limit who can log in and access the system
HARDENING: Isolate engineering workstations running CNCSoft-G2 from the business network and the Internet; use a dedicated network segment for CNC programming activities
Delta Electronics CNCSoft-G2 | CVSS 7.8 - OTPulse