Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
ASDA-Soft Stack-based Buffer Overflow Vulnerability
AnalysisAI
Stack-based buffer overflow in Delta Electronics ASDA-Soft allows local attackers with no privileges to execute arbitrary code by tricking users into opening a malicious file. The vulnerability achieves complete system compromise (confidentiality, integrity, availability all rated High in CVSS) through user interaction with crafted input. No public exploit identified at time of analysis, though the low attack complexity and lack of required privileges increase realistic exploitation risk once details emerge.
Technical ContextAI
ASDA-Soft is Delta Electronics' industrial automation configuration software for ASDA servo drive systems, commonly deployed in manufacturing and industrial control environments. This vulnerability stems from CWE-121 (stack-based buffer overflow), where the application fails to properly validate the size of user-supplied input before copying it to a fixed-size stack buffer. When processing specially crafted files (likely project files or configuration data based on typical ASDA-Soft functionality), excessive data overwrites adjacent memory on the stack, potentially corrupting return addresses or function pointers to redirect program execution. The affected product is identified as cpe:2.3:a:deltaww:asda-soft, indicating Delta Electronics (deltaww) ASDA-Soft across unspecified versions, suggesting broad version impact pending specific vendor guidance.
RemediationAI
Consult the official Delta Electronics security advisory Delta-PCSA-2026-00007 available at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00007_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2026-5726).pdf for specific patch versions and update instructions, as exact fix version is not confirmed from available data at time of analysis. Until patching is completed, implement defense-in-depth controls: restrict ASDA-Soft usage to isolated engineering workstations without direct operational technology network access, enforce strict policies against opening untrusted project files or configuration data, deploy application whitelisting to prevent unauthorized code execution, and consider file integrity monitoring on engineering systems. For critical environments, evaluate air-gapping engineering workstations or implementing jump hosts with file scanning capabilities to inspect project files before transfer to production systems.
ASDA-Soft Stack-based Buffer Overflow Vulnerability [CVSS 7.8 HIGH]
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20033
GHSA-3fvx-8h8j-fxvf