Delta Electronics CNCSoft

CVSS 7.7 | ICS-CERT ICSA-25-175-02 | Published Jun 24, 2025
Delta Electronics
Attack path
  • Attack Vector: Local
  • Privileges Required: High
  • Attack Complexity: Low
  • User Interaction: Required
Summary

Delta Electronics CNCSoft versions 1.01.34 and earlier contain a buffer overflow (CWE-787, out-of-bounds write) that allows code execution in the context of the CNCSoft process. Exploitation requires local access, administrator-level privileges and user interaction. Delta has discontinued the A-series CNC products that CNCSoft supports and will not issue a patch. No public exploitation has been reported, and the vulnerability is not remotely exploitable.

What this means
What could happen
An attacker with local access and high privileges could execute arbitrary code on a machine running CNCSoft, potentially disrupting CNC machining operations or compromising the integrity of manufacturing processes. This is a local threat with no remote attack path.
Who's at risk
Machine shops, manufacturing facilities, and any organization using legacy Delta A-series CNC equipment with CNCSoft control software. This affects CNC operators, maintenance technicians, and engineering staff who have local access to these machines.
How it could be exploited
An attacker needs local access to the machine running CNCSoft and administrator-level credentials, and still depends on a user action, typically opening a crafted file or following a malicious link, to trigger the overflow and run code in the CNCSoft process.
Prerequisites
  • Local access to the computer running CNCSoft
  • High-privilege (administrator-level) user credentials
  • User interaction to open or interact with untrusted content
  • CNCSoft version 1.01.34 or earlier
Tags: no patch available (product discontinued) · high privilege required · local access only (not remotely exploitable) · low complexity exploitation
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)

Product | Affected Versions | Fix Status
CNCSoft | ≤ v1.01.34        | No fix (end of life)
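Because there is no fix, the practical first step is knowing which hosts carry an affected build. The following PowerShell inventory check is an added example, not code from OTPulse or from Delta. It assumes the CNCSoft installer registers under the standard Windows Uninstall keys with "CNCSoft" in its DisplayName and a DisplayVersion string such as "1.01.34"; confirm those details against one known install before relying on it fleet-wide.

```powershell
# Added example (not from the OTPulse page or from Delta): inventory CNCSoft installs on a
# Windows host and flag any version at or below 1.01.34, the affected range in the advisory.
# Assumptions: the installer registers under the standard Uninstall keys with "CNCSoft" in
# its DisplayName and a DisplayVersion such as "1.01.34". Verify against your own install.

$AffectedMax = [version]'1.01.34'   # [version] normalises "1.01.34" to 1.1.34, so comparisons work

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'   # 32-bit apps on 64-bit Windows
)

function Get-CncSoftInstall {
    foreach ($entry in (Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue)) {
        if ($entry.DisplayName -notlike '*CNCSoft*') { continue }   # assumed name pattern

        $ver = $null
        $affected = $null    # stays $null when DisplayVersion is missing or unparseable
        if ([version]::TryParse([string]$entry.DisplayVersion, [ref]$ver)) {
            $affected = ($ver -le $AffectedMax)
        }

        [pscustomobject]@{
            DisplayName    = $entry.DisplayName
            DisplayVersion = $entry.DisplayVersion
            Affected       = $affected
            InstallPath    = $entry.InstallLocation
            RegistryKey    = $entry.PSPath
        }
    }
}

$found = @(Get-CncSoftInstall)
if ($found.Count -eq 0) {
    Write-Output 'No CNCSoft install registered on this host.'
} else {
    $found | Format-Table -AutoSize
    if ($found | Where-Object { $_.Affected -eq $true }) {
        Write-Warning 'Affected CNCSoft build present: no vendor fix exists, apply the compensating controls.'
    }
}
```

Run it per host (or wrap the function in `Invoke-Command` across the shop-floor machines). An `Affected` value of `$null` means the registry carried no parseable version; check the executable's file properties by hand in that case rather than assuming the host is clean.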
Remediation & Mitigation
Do now
HARDENING: Restrict local access to CNCSoft machines to trusted personnel only; enforce role-based access control and limit administrator account privileges to those who need them.
HARDENING: Train operators and engineers not to click untrusted Internet links or open unsolicited email attachments on machines with CNCSoft or CNC equipment access.
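Since the attacker must already hold administrator rights, the control that actually shrinks the attack surface here is the local Administrators group on each CNCSoft host. The audit below is an added example, not code from OTPulse or from Delta: it lists every member of that group, shows whether local accounts are enabled, and flags anything outside an approved list. The approved names are placeholders for this example.

```powershell
# Added example (not from the OTPulse page or from Delta): report who holds local administrator
# rights on a CNCSoft host and flag members outside an approved list. The approved names below
# are placeholders for this example; replace them with your own site's accounts.

$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local admin; Get-LocalGroupMember reports it as HOST\Administrator
    'SHOPFLOOR\cnc-maintenance'          # hypothetical domain group for maintenance staff
)

function Get-AdminGroupDrift {
    param([string[]]$Approved = $ApprovedAdmins)

    foreach ($member in (Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop)) {
        $enabled = $null
        if ($member.PrincipalSource -eq 'Local' -and $member.ObjectClass -eq 'User') {
            # Get-LocalUser wants the bare account name, not HOST\name
            $bare = $member.Name.Split('\')[-1]
            $enabled = (Get-LocalUser -Name $bare -ErrorAction SilentlyContinue).Enabled
        }
        [pscustomobject]@{
            Member   = $member.Name
            Type     = $member.ObjectClass      # User or Group
            Source   = $member.PrincipalSource  # Local, ActiveDirectory, MicrosoftAccount, ...
            Enabled  = $enabled                 # only known for local user accounts
            Approved = ($Approved -contains $member.Name)   # -contains is case-insensitive
        }
    }
}

$report = @(Get-AdminGroupDrift)
$report | Format-Table -AutoSize

$unexpected = @($report | Where-Object { -not $_.Approved })
if ($unexpected.Count -gt 0) {
    $names = $unexpected.Member -join ', '
    Write-Warning "Administrators members not on the approved list: $names"
}
```

Anything flagged is a candidate for removal with `Remove-LocalGroupMember`, or for moving into a standard-user role where the operator only needs to run CNCSoft, not administer the host. If the group contains unresolved SIDs left by deleted domain accounts, `Get-LocalGroupMember` can fail on some Windows builds; `net localgroup Administrators` shows the raw membership in that case.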
Schedule — requires maintenance window

There is no patch to apply; replacing the A-series hardware and its software will interrupt production, so plan the migration for a maintenance window.

HOTFIX: Migrate to newer Delta CNC products and their supporting software as soon as possible; Delta has discontinued the A-series CNC products and will remove CNCSoft from support.
Mitigations - no patch available
CNCSoft ≤ v1.01.34 has reached end of life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate CNCSoft systems and CNC equipment from the business network using a firewall or network segmentation.
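Where a network-level segment cannot be stood up immediately, the CNCSoft workstation's own Windows Defender Firewall can enforce a first cut of the isolation described above. The script below is an added example, not code from OTPulse or from Delta. The maintenance subnet, controller address and RDP-only access model are placeholders; the page does not say what the software talks to on the wire, so any controller traffic must be taken from what you observe on your own network.

```powershell
# Added example (not from the OTPulse page or from Delta): host-based fallback for the network
# isolation control, using Windows Defender Firewall on the CNCSoft workstation itself.
# Assumptions: the maintenance subnet, controller address and RDP-only access model are
# placeholders for this example; derive the real controller rule from observed traffic.

$MaintenanceSubnet = '10.20.30.0/24'                # hypothetical engineering/maintenance network
$RuleGroup         = 'CNCSoft isolation (example)'  # lets the rules be listed and removed together

function Set-CncHostIsolation {
    param(
        [string]$AllowedSubnet = $MaintenanceSubnet,
        [string[]]$ControllerAddress = @()          # CNC controller IP(s), if any; empty = none
    )

    # Default-deny inbound on all three profiles and log what gets dropped, so the firewall
    # log doubles as a record of which business-network hosts try to reach the CNC host.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
        -DefaultInboundAction Block -LogBlocked True -LogMaxSizeKilobytes 16384

    # Make the function idempotent: drop earlier rules from this group before re-creating them.
    Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue | Remove-NetFirewallRule

    # Remote maintenance only from the approved subnet, over RDP.
    New-NetFirewallRule -DisplayName 'CNC host: RDP from maintenance subnet' -Group $RuleGroup `
        -Direction Inbound -Protocol TCP -LocalPort 3389 -RemoteAddress $AllowedSubnet `
        -Action Allow | Out-Null

    # Inbound traffic from the CNC controller itself, if CNCSoft needs it.
    foreach ($addr in $ControllerAddress) {
        New-NetFirewallRule -DisplayName "CNC host: inbound from controller $addr" -Group $RuleGroup `
            -Direction Inbound -RemoteAddress $addr -Action Allow | Out-Null
    }

    # Report what is now in force.
    Get-NetFirewallRule -Group $RuleGroup | Select-Object DisplayName, Direction, Action, Enabled
}

# Example invocation with placeholder addresses. Run from an elevated session at the host's own
# console (or from inside the allowed subnet), otherwise the default-deny locks out your RDP session.
Set-CncHostIsolation -AllowedSubnet $MaintenanceSubnet -ControllerAddress @('192.168.10.5')
```

Outbound stays at the Windows default (allow) because the page does not document how CNCSoft reaches the controller; tighten it once you have captured the real traffic. A host firewall is a fallback, not a substitute: the attacker still needs a local session, so the segmentation and access-control items above remain the primary controls.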