๐ฏThere's a serious flaw in Delta Electronics' software that could let hackers take control of machines. It's like leaving your front door wide open. You need to lock it by updating your software!
What Happened
A serious vulnerability has been discovered in Delta Electronics' CNCSoft-G2 software that could allow attackers to execute remote code on affected devices. This flaw, identified as CVE-2026-3094, affects versions prior to V2.1.0.39. If exploited, it could lead to unauthorized access and control over critical manufacturing systems worldwide.
The vulnerability arises from an out-of-bounds write issue while parsing DPAX files in the DOPSoft component. This means that the software can be tricked into writing data outside of its intended memory space, potentially allowing hackers to inject malicious code. With such a high CVSS score of 7.8, this vulnerability is classified as HIGH severity, indicating that it poses a significant risk to users.
Additionally, a related vulnerability in Delta Electronics' ASDA-Soft software, identified as CVE-2026-5726, has also been reported. This vulnerability is a stack-based buffer overflow that can be triggered when parsing malformed .par files in ASDA-Soft versions up to 7.2.2.0. This further emphasizes the potential for widespread exploitation across multiple Delta Electronics products, raising concerns about the security of critical manufacturing infrastructures globally.
Why Should You Care
If you use Delta Electronics CNCSoft-G2 or ASDA-Soft, your systems could be at risk. Imagine your manufacturing equipment suddenly being controlled by someone outside your company. This could lead to production downtime, financial loss, or even safety hazards. Your business relies on secure software to operate efficiently, and vulnerabilities like this can jeopardize that security.
In todayโs interconnected world, where devices are often linked to the internet, itโs crucial to ensure that your systems are protected. Just like locking your front door keeps intruders out, updating your software can help safeguard your operations from cyber threats. Ignoring these vulnerabilities could leave your company exposed to serious risks.
What's Being Done
Delta Electronics is urging all users to update to version 2.1.0.39 for CNCSoft-G2 and to version 7.2.6.0 or later for ASDA-Soft to patch these vulnerabilities. You can find the updates on their download center. Additionally, CISA recommends several defensive measures:
- Minimize network exposure for all control systems.
- Use firewalls to isolate control systems from business networks.
- Implement secure methods like VPNs for remote access.
Experts are closely monitoring the situation for any signs of exploitation and advise organizations to remain vigilant. Be proactive and ensure your systems are up-to-date to mitigate potential risks.
The discovery of related vulnerabilities in both CNCSoft-G2 and ASDA-Soft highlights the need for comprehensive security measures across all Delta Electronics products to protect critical manufacturing systems.
