Description
ASDA-Soft Stack-based Buffer Overflow Vulnerability
Published: 2026-01-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential Remote Code Execution via stack-based buffer overflow
Action: Patch
AI Analysis

Impact

This vulnerability is a stack-based buffer overflow in ASDA-Soft that can allow an attacker to corrupt the call stack and execute arbitrary code. The flaw is a classic stack corruption bug, as identified by CWE-121 and CWE-787. If successfully exploited, the attacker could gain local or higher privileges on the affected system, potentially impacting confidentiality, integrity, or availability of the device.

Affected Systems

Delta Electronics’ ASDA-Soft products are affected. No specific product versions are listed in the CNA data; however, the official solution recommends upgrading to version 7.2.2.0 or later. The affected devices likely include industrial control systems that run ASDA-Soft firmware.

Risk and Exploitability

The CVSS vector indicates a score of 7.8, reflecting a high severity. The EPSS score of less than 1% suggests that the likelihood of exploitation in the wild is very low, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is not explicitly described, so the likely attack vector is inferred to be local or remote via a privileged interface of the ASDA-Soft software, unless the device is isolated. The combination of a high CVSS score and low EPSS score places this issue in a moderate risk category, requiring a patch but posing limited immediate threat to broadly exposed systems.

Generated by OpenCVE AI on April 18, 2026 at 14:57 UTC.

Remediation

Vendor Solution

Download and update to: ASDA-Soft v7.2.2.0 or later (Delta Download Center)

OpenCVE Recommended Actions

  • Download and install ASDA-Soft version 7.2.2.0 or later from Delta Electronics’ Download Center
  • Restrict access to ASDA-Soft management interfaces to trusted network segments to reduce exposure
  • Monitor system logs for abnormal stack or memory usage patterns that could indicate exploitation attempts

Generated by OpenCVE AI on April 18, 2026 at 14:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Deltaww
Deltaww asda Soft
Weaknesses CWE-787
CPEs cpe:2.3:a:deltaww:asda_soft:*:*:*:*:*:*:*:*
Vendors & Products Deltaww
Deltaww asda Soft

Tue, 27 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Delta Electronics
Delta Electronics asdasoft
Vendors & Products Delta Electronics
Delta Electronics asdasoft

Tue, 27 Jan 2026 03:45:00 +0000

Type Values Removed Values Added
Description ASDA-Soft Stack-based Buffer Overflow Vulnerability
Title ASDA-Soft Stack-based Buffer Overflow Vulnerability
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Delta Electronics Asdasoft
Deltaww Asda Soft
cve-icon MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-01-27T14:20:21.194Z

Reserved: 2026-01-23T00:59:14.367Z

Link: CVE-2026-1361

cve-icon Vulnrichment

Updated: 2026-01-27T14:19:27.425Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-27T04:16:03.580

Modified: 2026-02-17T20:12:13.893

Link: CVE-2026-1361

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z

Weaknesses