Critical Stack Buffer Overflow in Delta Electronics ASDA‑Soft (CVE‑2026‑5726) Threatens Industrial Control Systems
What It Is — A stack‑based buffer overflow (CVE‑2026‑5726) resides in Delta Electronics ASDA‑Soft versions ≤ 7.2.2.0. Parsing a malformed .par file lets an attacker overwrite stack memory and execute arbitrary code on the host system.
Exploitability — The vulnerability is publicly disclosed with a CVSS v3 score of 7.8 (High). No public PoC has been released, but the advisory notes that “successful exploitation could allow an attacker to execute arbitrary code,” indicating a realistic threat.
Affected Products — Delta Electronics ASDA‑Soft (industrial automation/SCADA software) ≤ 7.2.2.0. The product is deployed worldwide in critical manufacturing environments.
TPRM Impact — A compromised ASDA‑Soft instance can be leveraged to disrupt production lines, tamper with process data, or pivot to other OT assets, creating a supply‑chain risk for manufacturers that rely on Delta’s software as a third‑party component.
Recommended Actions —
- Patch Immediately – Upgrade all ASDA‑Soft installations to version 7.2.6.0 or later, as recommended by Delta.
- Validate File Sources – Enforce strict controls on .par files; only accept files from verified, authenticated sources.
- Network Segmentation – Isolate ASDA‑Soft servers from corporate IT networks and limit inbound traffic to trusted management stations.
- Monitor for Indicators – Deploy IDS/IPS signatures for known exploitation patterns and enable logging of file‑parsing events.
- Vendor Coordination – Contact Delta support for any lingering concerns and obtain the latest security advisories.
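One way to implement the "Validate File Sources" control above, shown as an added example that is not part of the CISA advisory or any Delta tooling: a pre-open gate that accepts a .par file only if its SHA-256 digest appears in an HMAC-authenticated manifest. The manifest layout, the key handling, and the names sign_manifest and check_par are assumptions made for illustration; all sample files and the key are constructed.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def _mac(files: dict, key: bytes) -> str:
    # Canonical JSON so signer and verifier hash identical bytes.
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def sign_manifest(files: dict, key: bytes) -> dict:
    """Release side: authenticate the approved {filename: sha256} map."""
    return {"files": files, "mac": _mac(files, key)}

def check_par(path: Path, manifest: dict, key: bytes) -> str:
    """Workstation side: decide before the file is opened in ASDA-Soft."""
    files = manifest.get("files", {})
    claimed = str(manifest.get("mac", "")).encode()
    if not hmac.compare_digest(_mac(files, key).encode(), claimed):
        return "reject: manifest not authentic"
    if path.suffix.lower() != ".par":
        return "reject: not a .par file"
    approved = files.get(path.name)
    if approved is None:
        return "reject: file not in manifest"
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    if not hmac.compare_digest(digest.encode(), str(approved).encode()):
        return "reject: content differs from approved version"
    return "accept"

def demo() -> dict:
    key = b"constructed-demo-key"  # assumption: a real key lives in a secrets store
    with tempfile.TemporaryDirectory() as d:
        good = Path(d) / "axis1.par"  # constructed sample file
        good.write_bytes(b"constructed sample parameter data")
        digest = hashlib.sha256(good.read_bytes()).hexdigest()
        manifest = sign_manifest({good.name: digest}, key)
        results = {"approved": check_par(good, manifest, key)}
        good.write_bytes(b"constructed sample parameter data, modified")
        results["modified"] = check_par(good, manifest, key)
        stray = Path(d) / "vendor_update.par"  # constructed, never approved
        stray.write_bytes(b"constructed unknown file")
        results["unlisted"] = check_par(stray, manifest, key)
        # Manifest edited to list the stray file while reusing the old MAC.
        forged = {"files": {stray.name: "00" * 32}, "mac": manifest["mac"]}
        results["forged_manifest"] = check_par(stray, forged, key)
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The gate never parses the .par contents, so it narrows which files reach the vulnerable parser but does not replace the upgrade to 7.2.6.0 or later.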
Source: CISA Advisory – ICSA‑26‑106‑01