CISA 2026-04-16

Delta Electronics ASDA-Soft

CVE-2026-5726

Machine-generated analysis · WAYSCloud LLM

The vulnerability is triggered by parsing a malformed .par file in ASDA-Soft. The advisory explicitly states the product is used in critical manufacturing sectors.

Context

Delta Electronics ASDA-Soft is a software product used in critical manufacturing. The advisory states a stack-based buffer overflow vulnerability exists in versions <=V7.2.2.0, which could allow arbitrary code execution. The vulnerability is specifically triggered when parsing malformed .par files.

Operator considerations

Check: Inventory all installations of ASDA-Soft <=V7.2.2.0.
Patch: Upgrade ASDA-Soft to v7.2.6.0 or later.
Isolate: Place control system networks and devices behind firewalls, isolating them from business networks.
Log: Monitor for attempts to open or process .par files from untrusted sources.

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

The following versions of Delta Electronics ASDA-Soft are affected:

ASDA-Soft

Read the full advisory on CISA →