CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Delta Electronics DTM Soft

criticalCVE-2026-12578
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. The following versions of Delta Electronics DTM Soft are affected: DTMSoft vers:all/* CVSS Vendor Equipment Vulnerabilities v3 7.8 Delta Electronics Delta Electronics DTM Soft Deserialization of Untrusted Data Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Taiwan Vulnerabilities Expand All + CVE-2026-12578 The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. View CVE Details Affected Products Delta Electronics DTM Soft Vendor: Delta Electronics Product Version: Delta Electronics DTMSoft: vers:all/* Product Status: known_affected Remediations Mitigation Delta Electronics is aware of the vulnerability and is currently working on a fix. Mitigation Delta Electronics recommends users apply the following workarounds: Mitigation Do not open unsolicited project files: Do not open or import unsolicited project files, untrusted Internet links, or unexpected attachments from emails, network shares, or USB drives. Always verify the source of the file before opening it. Mitigation Avoid running as administrator: Do not use the "Run as Administrator" option when launching the software. Running the software with standard user privileges effectively limits the damage of potential malicious code. Mitigation For more information refer to Delta Electronic's advisory page https://www.deltaww.com/en-US/service-support/product-cybersecurity/advisory Relevant CWE: CWE-502 Deserialization of Untrusted Data Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments kimiya of TrendAI Zero Day Initiative reported this vulnerability to CISA Legal Notice and Terms of Use

CSIRTS triage

What
The product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.
Who is affected
Deployments of Delta Electronics DTM Soft worldwide.
Urgency
Remediation is urgent due to the critical severity of the vulnerability.
Action
Users should apply the necessary updates as soon as possible.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch DTM Soft

Get an email when a new DTM Soft advisory drops — max one per day, one-click unsubscribe.

Details

Source
CISA Cybersecurity Advisories (US · national-cert · site)
Severity
critical
Published
2026-06-25
Exploitation
Not in CISA KEV at last sync

Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-06

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-12578coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from CISA Cybersecurity Advisories