Skip to main content

Asda Soft EUVDEUVD-2026-20033

| CVE-2026-5726 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-04-08 Deltaww GHSA-3fvx-8h8j-fxvf
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 02:30 euvd
EUVD-2026-20033
Analysis Generated
Apr 08, 2026 - 02:30 vuln.today
CVE Published
Apr 08, 2026 - 01:46 nvd
HIGH 7.8

DescriptionCVE.org

ASDA-Soft Stack-based Buffer Overflow Vulnerability

AnalysisAI

Stack-based buffer overflow in Delta Electronics ASDA-Soft allows local attackers with no privileges to execute arbitrary code by tricking users into opening a malicious file. The vulnerability achieves complete system compromise (confidentiality, integrity, availability all rated High in CVSS) through user interaction with crafted input. No public exploit identified at time of analysis, though the low attack complexity and lack of required privileges increase realistic exploitation risk once details emerge.

Technical ContextAI

ASDA-Soft is Delta Electronics' industrial automation configuration software for ASDA servo drive systems, commonly deployed in manufacturing and industrial control environments. This vulnerability stems from CWE-121 (stack-based buffer overflow), where the application fails to properly validate the size of user-supplied input before copying it to a fixed-size stack buffer. When processing specially crafted files (likely project files or configuration data based on typical ASDA-Soft functionality), excessive data overwrites adjacent memory on the stack, potentially corrupting return addresses or function pointers to redirect program execution. The affected product is identified as cpe:2.3:a:deltaww:asda-soft, indicating Delta Electronics (deltaww) ASDA-Soft across unspecified versions, suggesting broad version impact pending specific vendor guidance.

RemediationAI

Consult the official Delta Electronics security advisory Delta-PCSA-2026-00007 available at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00007_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2026-5726).pdf for specific patch versions and update instructions, as exact fix version is not confirmed from available data at time of analysis. Until patching is completed, implement defense-in-depth controls: restrict ASDA-Soft usage to isolated engineering workstations without direct operational technology network access, enforce strict policies against opening untrusted project files or configuration data, deploy application whitelisting to prevent unauthorized code execution, and consider file integrity monitoring on engineering systems. For critical environments, evaluate air-gapping engineering workstations or implementing jump hosts with file scanning capabilities to inspect project files before transfer to production systems.

Share

EUVD-2026-20033 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy