Industrial
CVE-2026-3094
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
AnalysisAI
Arbitrary code execution in Delta Electronics CNCSoft-G2 occurs when the application fails to properly validate user-supplied files, allowing an attacker to execute malicious code by tricking a user into opening a crafted file. This local vulnerability affects industrial environments running CNCSoft-G2 and requires user interaction to exploit. No patch is currently available.
Technical ContextAI
Classified as CWE-787 (Out-of-bounds Write). Affects Cncsoft-G2. Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.
More in Industrial
View allKede Electronics IoT smart water meter monitoring platform v1.0 has a SQL injection allowing attackers to compromise the
bulk_extractor digital forensics tool starting from version 1.4 has a heap buffer overflow in its embedded unrar code th
RustCrypto CMOV before 0.4.4 emits non-constant-time assembly on ARM Cortex-M0/M0+/M1 targets. Cryptographic operations
dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to over
SQL injection in Koko Analytics for WordPress prior to version 2.1.3 allows unauthenticated attackers to inject maliciou
RustCrypto's SM2 elliptic curve implementation in versions 0.14.0-pre.0 and 0.14.0-rc.0 is vulnerable to denial-of-servi
free5GC SMF versions up to 1.4.1 crash when receiving malformed PFCP SessionReportRequest packets on UDP port 8805, allo
free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the UDP/8805 inte
free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the PFCP interfac
INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that ca
Mailpit versions up to 1.28.2 contains a vulnerability that allows attackers to intercept sensitive data such as email c
Authentication bypass via path traversal in ZBT WE2001 router's check_token function. EPSS 0.69% — crafted requests bypa
Same weakness CWE-787 – Out-of-bounds Write
View allShare
External POC / Exploit Code
Leaving vuln.today