CVE-2024-47963
📋 TL;DR
Delta Electronics CNCSoft-G2 has a memory corruption vulnerability where improper validation of user-supplied data allows writing past allocated object boundaries. Attackers can exploit this by tricking users into opening malicious files or visiting malicious pages, potentially executing arbitrary code with the privileges of the current process. This affects industrial control systems using vulnerable versions of CNCSoft-G2 software.
💻 Affected Systems
- Delta Electronics CNCSoft-G2
📦 What is this software?
Cncsoft G2 by Deltaww
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with remote code execution leading to disruption of industrial operations, data theft, or manipulation of CNC machinery.
Likely Case
Local privilege escalation or code execution on systems where users open malicious files, potentially disrupting manufacturing processes.
If Mitigated
Limited impact with proper network segmentation, user awareness training, and restricted file execution policies.
🎯 Exploit Status
Requires user interaction to open malicious files or visit malicious pages. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.1.0.5
Vendor Advisory: https://www.deltaww.com/en-US/Support/Downloads/Detail?code=CNCSoft-G2
Restart Required: Yes
Instructions:
1. Download CNCSoft-G2 version 1.1.0.5 from Delta Electronics support portal. 2. Close all CNCSoft-G2 applications. 3. Run the installer with administrative privileges. 4. Follow installation prompts. 5. Restart the system.
🔧 Temporary Workarounds
Restrict file execution
windowsImplement application whitelisting to prevent execution of unauthorized files.
Using Windows AppLocker or similar tools to restrict CNCSoft-G2 to only open trusted file types
Network segmentation
allIsolate CNC systems from general business networks and internet access.
Configure firewall rules to restrict CNCSoft-G2 network traffic to necessary industrial protocols only
🧯 If You Can't Patch
- Implement strict user awareness training about opening files from untrusted sources.
- Deploy endpoint detection and response (EDR) solutions to monitor for suspicious process behavior.
🔍 How to Verify
Check if Vulnerable:
Check CNCSoft-G2 version in Help > About menu. Versions below 1.1.0.5 are vulnerable.Check Version:
Not applicable - check via application GUI Help > About menuVerify Fix Applied:
Confirm version shows 1.1.0.5 or higher in Help > About menu after update.📡 Detection & Monitoring
Log Indicators:
- Unexpected process crashes of CNCSoft-G2
- Suspicious file access patterns from CNCSoft-G2 process
Network Indicators:
- Unusual outbound connections from CNC systems
- File downloads to CNC systems from untrusted sources
SIEM Query:
Process:cncsoft.exe AND (EventID:1000 OR EventID:1001) OR FileCreation:(*.dop OR *.nc) FROM untrusted_source