Delta Electronics ASDA-Soft

MonitorCVSS 7.8ICS-CERT ICSA-26-106-01Apr 16, 2026

Delta Electronics

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

A stack-based buffer overflow vulnerability in ASDA-Soft versions 7.2.2.0 and earlier could allow an attacker to execute arbitrary code by tricking a user into opening a malicious file. The vulnerability is triggered during file parsing and could compromise the integrity of engineering workflows and connected motor drive configurations.

What this means

What could happen

An attacker could execute arbitrary code on a workstation running ASDA-Soft, potentially compromising engineering workflows and allowing unauthorized changes to drive configuration or parameters in connected Delta motor drives and power equipment.

Who's at risk

Organizations using Delta Electronics ASDA-Soft to configure and manage Delta motor drives (ASDA series) and variable frequency drives should prioritize this update. This affects any facility with Delta motion control or industrial drive systems that rely on ASDA-Soft for commissioning, troubleshooting, or parameter management.

How it could be exploited

An attacker could craft a malicious file and trick a user into opening it in ASDA-Soft through email or internet link. Upon opening the file, a stack-based buffer overflow would trigger, allowing the attacker to execute code with the privileges of the user running the application.

Prerequisites

User must open a malicious file in ASDA-Soft
File must be crafted to trigger the buffer overflow during parsing
ASDA-Soft version 7.2.2.0 or earlier must be installed

Stack-based buffer overflowArbitrary code executionUser interaction required (file open)No authentication required

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

ASDA-Soft≤ V7.2.2.0Fix available

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict email delivery of files that could be opened in ASDA-Soft (e.g., filter attachments by extension)

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate ASDA-Soft to version 7.2.6.0 or later

Long-term hardening

0/2

HARDENINGRestrict ASDA-Soft to run only on isolated engineering workstations that do not have internet access

HARDENINGTrain users not to open unexpected attachments or files from untrusted sources in ASDA-Soft

CVEs (1)

CVE-2026-5726

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8ad9d494-36d7-4071-b58d-0f7256ff829d

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.