ICSA-24-191-01 · Published 2025-02-18 · View on CISA ICS-CERT ↗

Delta Electronics CNCSoft-G2 (Update A)

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could cause a buffer overflow condition and allow remote code execution.

CVE-2024-39880 CVE-2024-39881 CVE-2024-39882 CVE-2024-39883 CVE-2025-22880

Delta Electronics recommends users update to v2.1.0.20 or later.
Delta has published Delta-PCSA-2025-00002 in both English and Chinese on their security website to provide more details about these issues.
Delta also recommends the following general security practices:
Don't click on untrusted Internet links or open unsolicited attachments in emails.
Avoid exposing control systems and equipment to the Internet.
Place systems and devices behind a firewall and isolate them from the business network.
When remote access is required, use a secure access method, such as a virtual private network (VPN).
If you have any product-related support concerns, please find a contact from Delta's portal page to reach them for any information or materials you may require.

Delta Electronics

Delta Electronics · CNCSoft-G2 2.0.0.5

Delta Electronics · CNCSoft-G2 <=2.1.0.10

Critical Manufacturing, Energy

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.