All CISA Advisories, EN

Delta Electronics CNCSoft-G2

2025-08-28 19:08

1. EXECUTIVE SUMMARY

CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft-G2
Vulnerability: Out-of-bounds Write

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on affected installations of the device.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Delta Electronics CNCSoft-G2 are affected:

CNCSoft-G2: Version 2.1.0.20 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 OUT-OF-BOUNDS WRITE CWE-787

Delta Electronics CNCSoft-G2 is vulnerable to a flaw in the parsing of DPAX files that allows attackers to execute arbitrary code. This vulnerability requires user interaction, such as visiting a malicious page or opening a malicious file. Exploitation of this flaw can result in memory corruption and code execution within the context of the current process.

CVE-2025-47728 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-47728. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTE

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Delta Electronics CNCSoft-G2

Tags: All CISA Advisories EN

Post navigation

← Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit

GE Vernova CIMPLICITY →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

IT Security News Hourly Summary 2025-08-28 21h : 12 posts August 28, 2025

CISA Adds Citrix and Git Flaws to KEV Catalogue Amid Active Exploitation August 28, 2025

Why I recommend this $700 Lenovo laptop to both college students and working professionals August 28, 2025

I found a smart air purifier that doubles as a pet bed (and my cat loves it) August 28, 2025

I left my home with a robot vacuum on auto-pilot for 10 days – here are the results August 28, 2025

I asked Google Finance’s AI chatbot what stocks to buy – and its answer surprised me August 28, 2025

FBI, Dutch cops seize fake ID marketplace that sold identity docs for $9 August 28, 2025

How MCP in SaaS Security Helps You Outrun SaaS and AI Risks August 28, 2025

AI-Powered Ransomware: PromptLock August 28, 2025

How does China keep stealing our stuff, wonders DoD group responsible for keeping foreign agents out August 28, 2025

These 3 tablet charging habits are slowly killing your device – here’s what to do instead August 28, 2025

This Qi2 battery pack from Anker just made wireless charging essential for me August 28, 2025

Link up, lift up, level up August 28, 2025

How SafeLine WAF Turns Hackers’ Scanners into Trash August 28, 2025

Best Costco Labor Day deals 2025: 15+ sales up to $1,700 off August 28, 2025

Best Labor Day phone deals 2025: Save up to $300 on Samsung, Google, and more August 28, 2025

T-Mobile will give you 4 free iPhone 16 phones right now – here’s how to get yours August 28, 2025

How I lock and hide apps in a secret folder on my iPhone – and why August 28, 2025

You can now talk finance with Google’s newest AI chatbot – here’s how August 28, 2025

Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names August 28, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}