Delta Electronics ASDA-Soft Vulnerability Advisory
Date Published: February 17, 2026
A stack-based buffer overflow vulnerability (CVE-2026-1361) exists in ASDA-Soft version 7.2.0.0 when parsing .par files. The root cause is improper validation of a user-controlled size parameter, which is checked incorrectly against the upper limit of the local buffer. This allows data to be written past the end of the buffer. Successful exploitation may allow an attacker to write arbitrary data beyond the bounds of a stack-allocated buffer, leading to the corruption of a structured exception handler (SEH).
The following versions of Delta Electronics ASDA-Soft are affected: ASDA-Soft <= 7.2.0.0.
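The class of flaw described above, as an added illustration that is not ASDA-Soft code and not taken from the advisory. The record layout, `FIELD_CAP` and all function names are hypothetical, and the signed comparison is only one assumed way a size check can fail against a buffer's upper limit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 64 /* hypothetical capacity of the fixed stack buffer */

/* Constructed sample records: 4-byte little-endian size, then payload. */
static const uint8_t SAMPLE_OK[]  = {3, 0, 0, 0, 'a', 'b', 'c'};
static const uint8_t SAMPLE_NEG[] = {0xFF, 0xFF, 0xFF, 0xFF, 'a'};

/* Flawed check (assumed form): the size is treated as signed and compared
 * only against the upper limit, so 0xFFFFFFFF (-1) is accepted. */
int flawed_size_ok(uint32_t raw_size) {
    int32_t size = (int32_t)raw_size;
    return size <= FIELD_CAP;
}

/* Corrected check: unsigned comparison against both the destination
 * capacity and the number of input bytes actually remaining. */
int safe_size_ok(uint32_t raw_size, size_t remaining) {
    return raw_size <= FIELD_CAP && raw_size <= remaining;
}

/* Copies the payload into out; returns its length, or -1 if rejected. */
int parse_record(const uint8_t *in, size_t in_len, uint8_t out[FIELD_CAP]) {
    if (in_len < 4) return -1; /* truncated header */
    uint32_t size = (uint32_t)in[0] | ((uint32_t)in[1] << 8) |
                    ((uint32_t)in[2] << 16) | ((uint32_t)in[3] << 24);
    if (!safe_size_ok(size, in_len - 4)) return -1;
    memcpy(out, in + 4, size);
    return (int)size;
}

/* Parses a sample into a local stack buffer, as a file parser would. */
int parse_sample(const uint8_t *in, size_t in_len) {
    uint8_t out[FIELD_CAP];
    return parse_record(in, in_len, out);
}

int main(void) {
    printf("flawed check accepts 0xFFFFFFFF: %d\n", flawed_size_ok(0xFFFFFFFFu));
    printf("valid record -> %d\n", parse_sample(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("oversized record -> %d\n", parse_sample(SAMPLE_NEG, sizeof SAMPLE_NEG));
    return 0;
}
```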
Impact: This vulnerability is classified as CWE-121 (Stack-based Buffer Overflow) and affects the Critical Manufacturing critical infrastructure sector.
Delta has fixed this vulnerability and released a new version, v7.2.2.0, available from the Delta Download Center. For more information, users can refer to Delta Electronics advisory Delta-PCSA-2026-00003.
Recommendations 🛡️
Delta Electronics provides general recommendations:
- Do not click on untrusted internet links or open unsolicited attachments in emails.
- Avoid exposing control systems and equipment to the Internet.
- Place control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use a secure access method, such as a virtual private network (VPN).
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Organizations should perform proper impact analysis and risk assessment prior to deploying defensive measures and implement recommended cybersecurity strategies for proactive defense of ICS assets.
For additional mitigation guidance and recommended practices, visit the CISA ICS webpage.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.