CVE-2025-47728
📋 TL;DR
Delta Electronics CNCSoft-G2 has a memory corruption vulnerability due to improper file validation. Attackers can execute arbitrary code by tricking users into opening malicious files. This affects all users of CNCSoft-G2 software for industrial control systems.
💻 Affected Systems
- Delta Electronics CNCSoft-G2
📦 What is this software?
Cncsoft G2 by Deltaww
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attacker to execute arbitrary code with current process privileges, potentially leading to industrial process disruption, data theft, or lateral movement within OT networks.
Likely Case
Local privilege escalation or malware execution on the engineering workstation, potentially affecting connected CNC machines and manufacturing processes.
If Mitigated
Limited impact if proper network segmentation and user privilege restrictions are in place, though file execution could still occur.
🎯 Exploit Status
Requires social engineering to get a user to open a malicious file. Memory corruption vulnerabilities can be complex to exploit reliably.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Delta Electronics advisory PCSA-2025-00007
Vendor Advisory: https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00007_CNCSoft-G2%20-%20File%20Parsing%20Memory%20Corruption.pdf
Restart Required: Yes
Instructions:
1. Download the patch from Delta Electronics support portal.
2. Backup current configuration.
3. Install the update following vendor instructions.
4. Restart the system.
5. Verify the update was successful.
🔧 Temporary Workarounds
Restrict file execution
Windows: Implement application whitelisting to prevent execution of unauthorized files
Use Windows AppLocker or similar to restrict CNCSoft-G2 file execution
User training and file validation
All platforms: Train users to only open trusted files and implement file validation procedures
🧯 If You Can't Patch
- Implement strict network segmentation to isolate CNC engineering workstations from other networks
- Apply principle of least privilege - restrict user accounts to only necessary permissions for CNCSoft-G2 operation
🔍 How to Verify
Check if Vulnerable:
Check CNCSoft-G2 version against patched version in vendor advisory. Review system logs for unexpected file parsing errors.
Check Version:
Check version in CNCSoft-G2 application interface or installation directory properties
Verify Fix Applied:
Verify installed version matches patched version from vendor advisory. Test file parsing functionality with known safe files.
📡 Detection & Monitoring
Log Indicators:
- Unexpected file parsing errors in application logs
- Memory access violation events in Windows Event Logs
- Unusual process creation from CNCSoft-G2
Network Indicators:
- Unexpected file transfers to CNC engineering workstations
- Suspicious network connections from CNCSoft-G2 process
SIEM Query:
Process Creation where Parent Process contains 'CNCSoft' AND Command Line contains file extension patterns (.cnc, .nc, etc.)
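The log indicators and SIEM query above, written out as triage logic over exported events. This is an added example, not vendor or advisory code. It assumes events are already parsed into dicts with the hypothetical fields `id`, `app`, `exception`, `parent`, `image` and `cmd`, that crashes come from the Windows Application log (Event ID 1000) and process creation from Sysmon (Event ID 1), and that the executable name contains "cncsoft".

```python
import re

# Assumption: the CNCSoft-G2 image name contains "cncsoft", the substring the
# SIEM query above matches on; confirm the real executable name locally.
APP = re.compile(r"cncsoft", re.I)
# File extensions named in the SIEM query above.
CNC_FILE = re.compile(r"\.(cnc|nc)\b", re.I)
ACCESS_VIOLATION = "0xc0000005"  # Windows STATUS_ACCESS_VIOLATION

def triage(events):
    """Return (reason, event) pairs for events matching the listed indicators."""
    hits = []
    for ev in events:
        if ev["id"] == 1000:
            # Application log, Event ID 1000 (Application Error): a crash.
            if APP.search(ev["app"]) and ev["exception"].lower() == ACCESS_VIOLATION:
                hits.append(("access-violation-crash", ev))
        elif ev["id"] == 1 and APP.search(ev["parent"]):
            # Sysmon Event ID 1 (process creation) with CNCSoft as the parent.
            if CNC_FILE.search(ev["cmd"]):
                hits.append(("child-process-cnc-file", ev))
            else:
                hits.append(("child-process", ev))
    return hits

# Constructed sample events; names and paths are placeholders, not real ones.
SAMPLE_EVENTS = [
    {"id": 1000, "app": "CNCSoft-placeholder.exe", "exception": "0xC0000005"},
    {"id": 1000, "app": "notepad.exe", "exception": "0xc0000005"},
    {"id": 1, "parent": r"C:\Apps\CNCSoft-placeholder.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd.exe /c C:\Users\eng\Downloads\job.nc"},
    {"id": 1, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Apps\CNCSoft-placeholder.exe",
     "cmd": r"CNCSoft-placeholder.exe C:\Jobs\part.cnc"},
    {"id": 1, "parent": r"C:\Apps\CNCSoft-placeholder.exe",
     "image": r"C:\Windows\splwow64.exe", "cmd": "splwow64.exe 8192"},
]

if __name__ == "__main__":
    for reason, ev in triage(SAMPLE_EVENTS):
        print(reason, ev.get("image") or ev["app"])
```

The fourth sample event, a user opening a job file in the application from Explorer, is deliberately not flagged: only processes started by the application itself match the rule.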