OTPulse

Delta Electronics CNCSoft

Priority: Monitor
Score: 7.7
Source: ICS-CERT ICSA-25-175-02
Published: Jun 24, 2025
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: Required
Summary

Delta Electronics CNCSoft contains a buffer overflow vulnerability (CWE-787) that could allow an attacker to execute arbitrary code within the CNCSoft process. The vulnerability affects CNCSoft version 1.01.34 and earlier. Delta Electronics has discontinued support for the A-series CNC products that CNCSoft controls and does not plan to release a patch. The vendor recommends users migrate to newer Delta CNC products and software. This vulnerability is not remotely exploitable and requires local access, high privileges, and user interaction.

What this means
What could happen
An attacker with local access and elevated privileges could execute arbitrary code within CNCSoft, potentially altering CNC machine parameters or stopping machining operations. Since CNCSoft is a control interface for discontinued Delta A-series CNC products, this could disrupt manufacturing or production processes dependent on those machines.
Who's at risk
Organizations operating discontinued Delta A-series CNC machines controlled by CNCSoft are at risk. This affects manufacturing facilities, job shops, and production lines using older Delta CNC equipment. The vulnerability is most relevant if those systems are still in production and the engineering workstations running CNCSoft are accessible to multiple users or connected to untrusted networks.
How it could be exploited
An attacker must be physically present at, or have local network access to, the engineering workstation running CNCSoft, must hold high-level user privileges, and must rely on user interaction (e.g., tricking an operator into running a malicious file). The attacker could then execute code with the permissions of the CNCSoft process.
Prerequisites
  • Local access to the system running CNCSoft
  • High-level user privileges (administrative or elevated account)
  • User interaction required (e.g., opening a malicious file or clicking a link)
  • CNCSoft version 1.01.34 or earlier
Key points
  • No patch available (product end-of-life)
  • High-impact code execution capability
  • Requires elevated privileges and user interaction (mitigating factor)
  • Local access only (not remotely exploitable)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product    Affected Versions    Fix Status
CNCSoft    ≤ v1.01.34           No fix (EOL)
Remediation & Mitigation
Do now
  • WORKAROUND: Disable or remove CNCSoft from systems if the Delta A-series CNC equipment is no longer in use
  • HARDENING: Restrict local access to engineering workstations running CNCSoft; limit user privileges to non-administrative accounts where operationally feasible
  • WORKAROUND: Do not click on untrusted Internet links or open unsolicited email attachments on systems running CNCSoft
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Migrate to newer Delta CNC products and corresponding software as soon as possible
Mitigations - no patch available
CNCSoft ≤ v1.01.34 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Implement network segmentation to isolate CNC control systems from the business network
  • HARDENING: If remote access to CNC systems is required, use a secure method such as a VPN
API: /api/v1/advisories/ef38a3b2-9eda-4f35-a861-fe73a4d7ef3f