OTPulse

Delta Electronics ASDA-Soft

Plan Patch | 7.8 | ICS-CERT ICSA-25-296-04 | Oct 23, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

ASDA-Soft versions 7.0.2.0 and earlier contain a buffer overflow vulnerability (CWE-121) that allows an attacker to write data outside the allocated memory buffer. Exploitation requires a user to open a malicious file; the vulnerability is not remotely exploitable. It could lead to an application crash or arbitrary code execution with the privileges of the user running ASDA-Soft.

What this means
What could happen
An attacker could write data outside allocated memory buffers in ASDA-Soft, potentially crashing the application or executing arbitrary code if they can trick a user into opening a malicious file.
Who's at risk
Organizations using Delta Electronics ASDA-Soft for drive control and motion system configuration are affected, particularly those running version 7.0.2.0 or earlier. This impacts maintenance engineers and technicians who use the software on engineering workstations.
How it could be exploited
An attacker crafts a malicious file (likely a project or configuration file for ASDA-Soft) and tricks a user into opening it on a machine running the software. The buffer overflow condition is triggered during file parsing, allowing memory corruption.
Prerequisites
  • ASDA-Soft version 7.0.2.0 or earlier must be installed
  • User interaction required—attacker must socially engineer the user to open a malicious file
  • Local access to the machine running ASDA-Soft (not remotely exploitable)
  • User interaction required (high social engineering risk)
  • Local code execution possible after exploitation
  • Buffer overflow vulnerability (memory corruption)
  • Affects engineering workstations (potential supply chain attack vector)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
ASDA-Soft: <=7.0.2.0 | ≤ 7.0.2.0 | 7.1.1.0
Remediation & Mitigation
Do now
WORKAROUND: Do not click on untrusted Internet links or open unsolicited email attachments
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ASDA-Soft to version 7.1.1.0 or newer
Long-term hardening
HARDENING: Restrict user permissions on machines running ASDA-Soft to limit ability to install or execute untrusted files
HARDENING: Place ASDA-Soft systems behind a firewall and isolate from the business network where possible