OTPulse

Delta Electronics ISPSoft

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-25-119-02 | Apr 29, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Delta Electronics ISPSoft versions 3.19 and earlier contain buffer overflow and out-of-bounds write vulnerabilities that allow an attacker with local access to execute arbitrary code. Successful exploitation could allow modification of automation logic or device configurations. The vulnerabilities require user interaction and are not remotely exploitable.

What this means
What could happen
An attacker with local access to a machine running ISPSoft could execute arbitrary code with the privileges of the logged-in user, potentially modifying automation logic or configurations in connected Delta controllers.
Who's at risk
This affects organizations using Delta Electronics ISPSoft for programming and configuring Delta PLCs and automation devices. The primary concern is engineering teams and automation integrators who develop and maintain PLC programs. Any site where ISPSoft is installed on workstations that handle sensitive automation logic is at risk.
How it could be exploited
An attacker must have local access to a workstation or engineering station running ISPSoft. They would exploit a buffer overflow or out-of-bounds write vulnerability to inject and execute malicious code, allowing modification of PLC programs or device configurations before deployment to production controllers.
Prerequisites
  • Local access to a workstation running ISPSoft
  • User interaction required (e.g., opening a malicious file)
  • ISPSoft version 3.19 or earlier
  • Local access required
  • Low complexity exploitation
  • High CVSS score (7.8)
  • Affects engineering/development tools
  • No authentication required once user is local to machine
  • Buffer overflow and out-of-bounds write vulnerabilities
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product           Affected Versions   Fix Status
ISPSoft: <=3.19   ≤ 3.19              3.21
Remediation & Mitigation
Do now
HARDENING: Restrict local access to engineering workstations running ISPSoft; limit login privileges to authorized personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ISPSoft to version 3.21 or later
Long-term hardening
HARDENING: Isolate engineering networks from business and internet-facing networks using firewalls and network segmentation
HARDENING: Monitor engineering workstations for suspicious file access or code execution attempts
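
To support the patching step above, the following PowerShell check compares installed ISPSoft entries on an engineering workstation against the advisory's version bounds. It is an added example, not part of the advisory or any Delta Electronics tooling; the `*ISPSoft*` display-name match and the sample version strings at the end are assumptions.

```powershell
# Added example, not from the advisory. Version bounds are the advisory's.
$LastAffected = [version]'3.19'   # "versions 3.19 and earlier"
$FixedVersion = [version]'3.21'   # "update to version 3.21 or later"

function Get-IspSoftStatus {
    param([string]$DisplayVersion)
    $parsed = $null
    # Keep the leading dotted-numeric part: "3.19.0 (build 7)" -> "3.19.0"
    if ($DisplayVersion -match '^\s*(\d+(\.\d+){1,3})') {
        [void][version]::TryParse($Matches[1], [ref]$parsed)
    }
    if ($null -eq $parsed) { return 'UNKNOWN: unparseable version, check manually' }
    # Compare on Major.Minor so that 3.19.x still counts as "3.19 and earlier"
    $mm = New-Object System.Version($parsed.Major, $parsed.Minor)
    if ($mm -le $LastAffected) { return 'AFFECTED: update to 3.21 or later' }
    if ($mm -ge $FixedVersion) { return 'FIXED' }
    return 'NOT LISTED in advisory: update to 3.21 or later'
}

# Standard uninstall keys (64-bit and 32-bit views).
# Assumption: the ISPSoft installer registers a DisplayName containing "ISPSoft".
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$found = @(Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*ISPSoft*' })

if ($found.Count -eq 0) {
    '{0}: no ISPSoft uninstall entry found' -f $env:COMPUTERNAME
}
foreach ($app in $found) {
    [pscustomobject]@{
        Host    = $env:COMPUTERNAME
        Name    = $app.DisplayName
        Version = $app.DisplayVersion
        Status  = Get-IspSoftStatus $app.DisplayVersion
    }
}

# Constructed version strings to show how each case is classified.
foreach ($v in '3.19', '3.19.2', '3.20', '3.21.0', 'n/a') {
    '{0,-8} -> {1}' -f $v, (Get-IspSoftStatus $v)
}
```

Versions between 3.19 and 3.21 are reported as not listed because the advisory names only 3.19 and earlier as affected and 3.21 as the fix.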