CISA Warns of Deserialization Flaw in Delta Electronics DTM Soft Allowing Code Execution
CISA disclosed a high-severity deserialization vulnerability in Delta Electronics DTM Soft that could let attackers execute arbitrary code on industrial control systems.
CISA has disclosed a high-severity vulnerability in Delta Electronics DTM Soft, a software tool used for configuring and managing industrial automation devices. Tracked as CVE-2026-12578, the flaw stems from deserialization of untrusted data and carries a CVSS v3.1 base score of 7.8. Successful exploitation could allow an attacker to execute arbitrary code on the affected system, potentially disrupting critical manufacturing operations.
The vulnerability affects all versions of Delta Electronics DTM Soft. The product is deployed worldwide across critical manufacturing sectors, making the flaw a significant concern for industrial control system security. The issue was reported to CISA by kimiya of TrendAI Zero Day Initiative, highlighting the ongoing collaboration between security researchers and government agencies to identify and mitigate risks in operational technology environments.
Deserialization vulnerabilities occur when an application deserializes untrusted data without proper validation, allowing an attacker to inject malicious objects that can alter the program's behavior. In this case, an attacker could craft a malicious project file that, when opened by a user, triggers arbitrary code execution. The vulnerability is not exploitable remotely, requiring local access or social engineering to deliver the malicious file.
Delta Electronics is aware of the vulnerability and is currently working on a fix. In the meantime, CISA recommends several mitigations to reduce the risk of exploitation. Users should not open unsolicited project files, untrusted internet links, or unexpected attachments from emails, network shares, or USB drives. Additionally, running the software with standard user privileges instead of administrator rights can limit the potential damage of malicious code.
CISA also advises organizations to minimize network exposure for all control system devices, ensuring they are not accessible from the internet. Control system networks should be located behind firewalls and isolated from business networks. When remote access is required, more secure methods such as VPNs should be used, though organizations must recognize that VPNs have their own vulnerabilities and should be kept updated.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. However, the disclosure serves as a reminder of the persistent risks facing industrial control systems. As manufacturers increasingly connect their operational technology to IT networks, vulnerabilities in configuration software like DTM Soft become attractive targets for threat actors seeking to disrupt critical infrastructure.
Organizations using Delta Electronics DTM Soft should monitor Delta's advisory page for updates on the forthcoming patch and implement the recommended workarounds in the interim. CISA encourages all organizations to adopt defense-in-depth strategies for ICS assets and to report any suspected malicious activity to the agency for tracking and correlation against other incidents.