ID

VAR-202502-2329


CVE

CVE-2025-22881


TITLE

Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364)

Trust: 0.6

sources: CNVD: CNVD-2025-12364

DESCRIPTION

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company.

Trust: 1.44

sources: NVD: CVE-2025-22881 // CNVD: CNVD-2025-12364

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12364

AFFECTED PRODUCTS

vendor: delta
model: electronics cncsoft-g2
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12364

CVSS

SEVERITY

CVSSV2

CVSSV3

759f5e80-c8e1-4224-bead-956d7b33c98b: CVE-2025-22881
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-12364
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-12364
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2025-12364 // NVD: CVE-2025-22881

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

sources: NVD: CVE-2025-22881

PATCH

title: Patch for Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364)
url: https://www.cnvd.org.cn/patchInfo/show/697096

Trust: 0.6

sources: CNVD: CNVD-2025-12364

EXTERNAL IDS

db: NVD, id: CVE-2025-22881

Trust: 1.6

db: CNVD, id: CNVD-2025-12364

Trust: 0.6

sources: CNVD: CNVD-2025-12364 // NVD: CVE-2025-22881

REFERENCES

url: https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00003_cncsoft-g2%20-%20heap-based%20buffer%20overflow_v1.pdf

Trust: 1.6

sources: CNVD: CNVD-2025-12364 // NVD: CVE-2025-22881

SOURCES

db: CNVD, id: CNVD-2025-12364
db: NVD, id: CVE-2025-22881

LAST UPDATE DATE

2025-06-15T23:21:37.067000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-12364, date: 2025-06-13T00:00:00
db: NVD, id: CVE-2025-22881, date: 2025-02-26T08:14:25.137

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-12364, date: 2025-06-13T00:00:00
db: NVD, id: CVE-2025-22881, date: 2025-02-26T08:14:25.137