VYPR
Advisory · Published Mar 16, 2026 · Updated May 18, 2026 · 1 source

Delta Electronics ASDA-Soft PAR File Parsing Flaw Allows Remote Code Execution

A stack-based buffer overflow in Delta Electronics ASDA-Soft (CVE-2026-1361) allows remote code execution via malicious PAR files, with a CVSS score of 7.8.

A critical vulnerability has been disclosed in Delta Electronics ASDA-Soft, a configuration and tuning tool for servo drives. Tracked as CVE-2026-1361 and assigned ZDI-26-211, the flaw is a stack-based buffer overflow that arises during the parsing of PAR files. With a CVSS score of 7.8, the vulnerability can be exploited to execute arbitrary code in the context of the current process, requiring only that a user opens a malicious file or visits a malicious page.

The specific weakness lies in the lack of proper validation of the length of user-supplied data before it is copied to a stack-based buffer. An attacker can craft a PAR file that, when processed by ASDA-Soft, overflows the stack and overwrites critical memory regions. This allows the attacker to hijack execution flow and run arbitrary code on the victim's machine. The vulnerability was reported to Delta Electronics by researcher nisu of Trend Research on December 24, 2025.
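The missing length validation described above, shown as an added example that is not ASDA-Soft code and is not taken from the advisory. The record layout (a 2-byte length prefix followed by a name), the `FIELD_MAX` size and all function names are assumptions constructed for illustration; the real PAR format is not described here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32  /* assumed size of the fixed stack buffer */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Hypothetical record: [u16 little-endian length][length bytes of name]. */
enum parse_status parse_name_field(const uint8_t *in, size_t in_len,
                                   char *out, size_t out_size)
{
    char name[FIELD_MAX + 1];                 /* stack destination */

    if (in_len < 2)
        return PARSE_TRUNCATED;               /* no room for the length prefix */

    size_t declared = (size_t)in[0] | ((size_t)in[1] << 8);

    /* Check 1: the declared length must not exceed the bytes actually
     * present, otherwise the copy reads past the end of the input. */
    if (declared > in_len - 2)
        return PARSE_TRUNCATED;

    /* Check 2: the declared length must fit the stack buffer. Leaving this
     * comparison out is the defect class the advisory describes: memcpy()
     * would write past name[] into adjacent stack data. */
    if (declared > FIELD_MAX)
        return PARSE_TOO_LONG;

    memcpy(name, in + 2, declared);
    name[declared] = '\0';

    if (out_size < declared + 1)              /* caller's buffer is checked too */
        return PARSE_TOO_LONG;
    memcpy(out, name, declared + 1);
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample input: length 5, then "AXIS1". */
    const uint8_t sample[] = { 5, 0, 'A', 'X', 'I', 'S', '1' };
    char out[FIELD_MAX + 1];
    int rc = parse_name_field(sample, sizeof sample, out, sizeof out);
    printf("status=%d name=%s\n", rc, rc == PARSE_OK ? out : "(rejected)");
    return 0;
}
```

Rejecting the record outright, rather than truncating the copy, keeps a malformed file from being partially accepted.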

Delta Electronics has released a patch to address the issue. Further details are available in CISA advisory ICSA-26-048-02, which provides guidance for affected users. The coordinated public disclosure occurred on March 16, 2026, the same day the advisory was updated. Users of ASDA-Soft are strongly urged to apply the patch immediately to mitigate the risk of exploitation.

The impact of this vulnerability is significant for industrial environments where ASDA-Soft is used to configure Delta servo drives. An attacker who successfully exploits the flaw could gain the same privileges as the logged-on user, potentially leading to unauthorized access to sensitive data, disruption of operations, or further compromise of connected systems. While user interaction is required, social engineering tactics such as phishing emails or malicious downloads could easily trick operators into opening the malicious file.

This disclosure follows a pattern of increasing scrutiny on industrial control system (ICS) software, where vulnerabilities in configuration tools can serve as entry points for broader attacks. The inclusion of a CISA advisory underscores the potential risk to critical infrastructure. Organizations using Delta Electronics products should review the advisory and ensure that their software is up to date.

In addition to applying the patch, users should also implement security best practices such as restricting access to ASDA-Soft, using application whitelisting, and training employees to recognize phishing attempts. Regular vulnerability scanning and patch management are essential to maintaining a strong security posture in operational technology environments.

Synthesized by Vypr AI