Delta Electronics ISPSoft

Plan: Patch | CVSS 7.8 | ICS-CERT ICSA-25-119-02 | Apr 29, 2025
Vendor: Delta Electronics
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Delta Electronics ISPSoft versions 3.19 and earlier contain buffer overflow and out-of-bounds write vulnerabilities (CWE-121, CWE-787) that could allow an attacker with local access to execute arbitrary code with the privileges of the ISPSoft user. These vulnerabilities are not exploitable remotely and require user interaction such as opening a malicious file. Successful exploitation could give an attacker the ability to modify control logic, configurations, or ladder diagrams before they are deployed to Delta control devices.

What this means
What could happen
An attacker with local access to a system running ISPSoft could execute arbitrary code, potentially gaining control of the engineering workstation and the ability to modify control logic or configurations sent to Delta PLCs and other devices.
Who's at risk
Engineering teams and automation specialists at manufacturing facilities, utilities, and process industries using Delta Electronics ISPSoft (version 3.19 or earlier) to program and configure Delta PLCs, motion controllers, and HMI systems are affected. This includes anyone with ISPSoft installed on their engineering workstations.
How it could be exploited
An attacker with physical or local network access to a Windows machine running ISPSoft could trigger a buffer overflow or similar memory corruption vulnerability through a specially crafted file or input, resulting in code execution with the privileges of the user running the application.
Prerequisites
  • Local or direct network access to the Windows machine running ISPSoft
  • User action required (e.g., opening a malicious file or project)
  • ISPSoft version 3.19 or earlier
  • Arbitrary code execution on engineering workstation
  • Low attack complexity
  • User interaction required
  • No public exploitation reported yet
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (1)
Product | Affected Versions | Fix Status
ISPSoft | ≤ 3.19 | 3.21
Remediation & Mitigation
Do now
HARDENING: Restrict physical and network access to ISPSoft workstations to authorized engineering personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ISPSoft to version 3.21 or later
Long-term hardening
HARDENING: Isolate engineering workstations from the general business network where feasible
HARDENING: Implement file integrity monitoring on engineering workstations to detect unauthorized modifications to control logic or configurations
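A defender's first step for the "Do now" and "Schedule" items above is knowing which workstations still run an affected ISPSoft build. The following is an added example, not code from Delta or from the advisory: it takes an installed-software inventory (the records below are constructed; in practice they would be exported from the workstations' installed-programs list) and classifies each ISPSoft entry against the advisory's 3.19 affected ceiling and 3.21 fix version, comparing versions numerically so that "3.9" is not mistaken for a newer build than "3.19".

```python
"""Flag ISPSoft installs affected by ICSA-25-119-02 (<= 3.19; fixed in 3.21).

Added example. Function names and the sample inventory are constructed,
not part of ISPSoft or of the advisory itself.
"""

AFFECTED_MAX = "3.19"   # advisory: 3.19 and earlier are affected
FIXED_MIN = "3.21"      # advisory: fix status 3.21


def parse_version(text: str) -> tuple:
    """Turn '3.19' into (3, 19) so comparison is numeric, not lexicographic.

    A plain string compare ranks '3.9' above '3.19'; integer tuples do not.
    Any non-numeric suffix on a component (e.g. '21b') is dropped.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_affected(version: str) -> bool:
    return parse_version(version) <= parse_version(AFFECTED_MAX)


def is_fixed(version: str) -> bool:
    return parse_version(version) >= parse_version(FIXED_MIN)


def assess_inventory(records):
    """records: iterable of (hostname, display_name, display_version).
    Returns (hostname, version, status) for ISPSoft entries only."""
    findings = []
    for host, name, version in records:
        if "ispsoft" not in name.lower():
            continue                      # unrelated software, skip
        if is_affected(version):
            status = "AFFECTED - update to 3.21 or later"
        elif is_fixed(version):
            status = "fixed"
        else:
            status = "between 3.19 and 3.21 - confirm status with vendor"
        findings.append((host, version, status))
    return findings


# Constructed sample inventory, one row per (host, program, version).
SAMPLE = [
    ("eng-ws-01", "Delta ISPSoft", "3.19"),
    ("eng-ws-02", "Delta ISPSoft", "3.21"),
    ("eng-ws-03", "Delta ISPSoft", "3.9"),
    ("eng-ws-04", "Some Other Tool", "3.19"),
]

if __name__ == "__main__":
    for row in assess_inventory(SAMPLE):
        print(*row)
```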