Delta Electronics DTM Soft
Summary
CISA has issued an alert regarding a deserialization of untrusted data vulnerability (CVE-2026-12578) in Delta Electronics DTM Soft, which could allow an attacker to execute arbitrary code. The vulnerability affects all versions of the software and has a CVSS v3 score of 7.8. Delta Electronics is working on a fix and recommends workarounds such as not opening untrusted project files and avoiding running the software with administrator privileges.
IFF Assessment
This is bad news for defenders: the alert announces a high-severity vulnerability (CVSS v3 7.8) that could lead to arbitrary code execution in industrial control software.
Severity
The article states a CVSS v3 score of 7.8. The score is high because deserialization of untrusted data can lead to arbitrary code execution, indicating high impact and exploitability; exploitation likely requires user interaction but could give an attacker full control.
Defender Context
Defenders, particularly those in critical manufacturing sectors, should be aware of this vulnerability in Delta Electronics DTM Soft. It is crucial to implement the recommended workarounds immediately: do not open untrusted project files, and run the software with standard user privileges rather than as an administrator. Organizations should monitor Delta Electronics' advisory page for the release of a patch to mitigate the risk of arbitrary code execution.