← Back to home
ICSA-21-334-03  ·  Published 2021-11-30  ·  View on CISA ICS-CERT ↗

Delta Electronics CNCSoft

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow for arbitrary code execution.

CVEs (1)

Remediations

  • Delta Electronics has released an updated version of CNCSoft and recommends users install v1.01.31 and later on all affected systems.
  • Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing a VPN is only as secure as its connected devices.
  • Do not click web links or open unsolicited attachments in email messages.
  • Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
  • Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Affected Vendors

Delta Electronics

Affected Products (1)

Delta Electronics · CNCSoft <= 1.01.30

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more