Login Sign Up

CVE-2021-22664

7.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected CNCSoft-B systems by exploiting an out-of-bounds write condition. Industrial control systems using Delta Electronics CNCSoft-B versions 1.0.0.3 and earlier are affected, potentially compromising manufacturing and automation equipment.

💻 Affected Systems

Products:
  • Delta Electronics CNCSoft-B
Versions: Versions 1.0.0.3 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects industrial control systems in manufacturing environments. CNCSoft-B is used for computer numerical control programming and operation.

📦 What is this software?

Cncsoft B by Criticalmanufacturing

View all CVEs affecting Cncsoft B →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to take control of industrial equipment, disrupt manufacturing processes, or pivot to other industrial network systems.

🟠

Likely Case

Remote code execution leading to data theft, process manipulation, or installation of persistent malware on industrial control systems.

🟢

If Mitigated

Limited impact if systems are isolated in air-gapped networks with strict access controls and monitoring.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

ZDI-21-444 advisory includes technical details. Exploitation requires network access to vulnerable systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.0.0.4 or later

Vendor Advisory: https://www.deltaww.com/en-US/Service/DownloadCenter

Restart Required: Yes

Instructions:

1. Download latest CNCSoft-B version from Delta Electronics website. 2. Backup current configuration. 3. Install update following vendor instructions. 4. Restart system and verify operation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate CNC systems in separate network segments with strict firewall rules

Access Control

all

Restrict network access to CNC systems using IP whitelisting

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to CNC systems
  • Deploy intrusion detection systems and monitor for anomalous network traffic to CNC ports

🔍 How to Verify

Check if Vulnerable:

Check CNCSoft-B version in Help > About menu. If version is 1.0.0.3 or earlier, system is vulnerable.

Check Version:

Check Help > About menu in CNCSoft-B application

Verify Fix Applied:

Verify version shows 1.0.0.4 or later in Help > About menu after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from CNCSoft-B
  • Failed authentication attempts to CNC system
  • Unexpected network connections to CNC ports

Network Indicators:

  • Unusual traffic to CNC system ports (typically TCP 502 for Modbus)
  • Anomalous outbound connections from CNC systems

SIEM Query:

source="cnc_logs" AND (event_type="process_creation" OR event_type="network_connection") AND process_name="CNCSoft-B.exe"

📊 Metadata

CVE ID: CVE-2021-22664
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: April 27, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22664, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)