Delta Electronics ASDA-Soft

Plan PatchCVSS 7.8ICS-CERT ICSA-26-048-02Feb 17, 2026

Delta Electronics

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

A stack buffer overflow vulnerability exists in Delta Electronics ASDA-Soft versions 7.2.0.0 and earlier. The vulnerability allows an attacker to write arbitrary data beyond the bounds of a stack-allocated buffer, corrupting the structured exception handler (SEH). Successful exploitation could lead to arbitrary code execution on affected systems. Delta has released version 7.2.2.0 to address this issue.

What this means

What could happen

An attacker could exploit a buffer overflow in ASDA-Soft to execute arbitrary code on systems where the software is installed, potentially allowing them to manipulate control logic or interfere with industrial automation operations.

Who's at risk

This vulnerability affects operators and administrators of Delta Electronics ASDA-Soft industrial automation software. It is relevant to organizations using ASDA-Soft for delta-based motion control, particularly in manufacturing, packaging, and energy sectors where this software controls stepper or servo drives.

How it could be exploited

An attacker sends a specially crafted file or network input to ASDA-Soft that triggers a stack buffer overflow. This overwrites the structured exception handler (SEH), allowing the attacker to redirect program execution to malicious code when an exception occurs.

Prerequisites

Local or direct file access to the system running ASDA-Soft
User interaction required (opening a file or clicking a link)
ASDA-Soft version 7.2.0.0 or earlier installed

Local code execution possibleUser interaction requiredAffects automation softwareNo patch available for older versions

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

ASDA-Soft: <=7.2.0.0≤ 7.2.0.0v7.2.2.0

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDDo not click on untrusted internet links or open unsolicited email attachments, especially on systems running ASDA-Soft

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate ASDA-Soft to version 7.2.2.0 or later from the Delta Download Center

Long-term hardening

0/2

HARDENINGIsolate ASDA-Soft systems from the business network using network segmentation or firewalls

HARDENINGAvoid exposing ASDA-Soft systems and associated control equipment to the Internet

CVEs (1)

CVE-2026-1361

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/45a12c54-e2ea-4c08-b6a6-f675b8a12916

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.