CVE-2026-1361
published 2026-01-27CVE-2026-1361: ASDA-Soft Stack-based Buffer Overflow Vulnerability
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.53%
40.9th percentile
ASDA-Soft Stack-based Buffer Overflow Vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | asda-soft | <= 7.2.0.0 | — |
| deltaww | asda_soft | <= 7.2.2.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Trigger condition is parsing of .par files in ASDA-Soft <= 7.2.0.0; monitor for ASDA-Soft processes opening or being passed .par files from untrusted sources ↗
- →The overflow corrupts a Structured Exception Handler (SEH) record on the stack; look for SEH-chain corruption indicators or unexpected exception handler overwrites in ASDA-Soft process memory ↗
- →Root cause is an improperly validated user-controlled size parameter; a malicious .par file with an oversized size field is the attack vector — flag .par files with anomalously large size parameters ↗
- →Exploitation requires local access and user interaction (e.g., opening a malicious .par file); alert on ASDA-Soft being launched with .par files received via email attachments or downloaded from the internet ↗
- ·Vulnerability is not remotely exploitable; attack vector is local (AV:L) and requires user interaction — exploitation depends on a user opening a crafted .par file ↗
- ·All ASDA-Soft versions up to and including 7.2.0.0 are affected; version 7.2.2.0 is the patched release ↗
- ·No known public exploitation targeting this vulnerability has been reported to CISA at time of advisory publication ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3hmm-3q3p-7x72: ASDA-Soft Stack-based Buffer Overflow Vulnerability
ghsa_unreviewed·2026-01-27
CVE-2026-1361 [HIGH] CWE-121 GHSA-3hmm-3q3p-7x72: ASDA-Soft Stack-based Buffer Overflow Vulnerability
ASDA-Soft Stack-based Buffer Overflow Vulnerability
CISA ICS
Delta Electronics ASDA-Soft
cisa_ics·2026-02-17·CVSS 7.8
[HIGH] Delta Electronics ASDA-Soft
ICS Advisory
##
Delta Electronics ASDA-Soft
Release DateFebruary 17, 2026
Alert CodeICSA-26-048-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
Successful exploitation of this vulnerability may allow an attacker to write arbitrary data beyond the bounds of a stack-allocated buffer, leading to the corruption of a structured exception handler (SEH).
The following versions of Delta Electronics ASDA-Soft are affected:
- ASDA-Soft <=7.2.0.0 (CVE-2026-1361)
CVSS
Vendor
Equipment
Vulnerabilities
| v3 7.8
| Delta Electronics
| Delta Electronics ASDA-Soft
| Stack-based Buffer Overflow
## Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Comp
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-01-27
Published