CVE-2016-5802 Delta Electronics CVE debrief

Who should care

Organizations that use Delta Electronics WPLSoft, ISPSoft, or PMSoft to open or process project/files, especially industrial automation teams, engineers, and security teams responsible for workstation hardening and file handling controls.

Technical summary

NVD classifies the weakness as CWE-787 (out-of-bounds write). Affected products listed in the NVD record are Delta Electronics WPLSoft prior to V2.42.11, ISPSoft prior to 3.02.11, and PMSoft prior to 2.10.10. The attack vector is local with required user interaction, and the consequence is rated high for confidentiality, integrity, and availability. The issue was published on 2017-02-13 and the NVD record was last modified on 2026-05-13.

Defensive priority

High

Recommended defensive actions

• Upgrade Delta Electronics WPLSoft to V2.42.11 or later.
• Upgrade Delta Electronics ISPSoft to 3.02.11 or later.
• Upgrade Delta Electronics PMSoft to 2.10.10 or later.
• Avoid opening untrusted or unsolicited project/files in the affected software.
• Use least-privilege and workstation isolation for engineering systems that handle vendor files.
• Track vendor and government advisories referenced by NVD for any additional mitigation guidance.

Evidence notes

This debrief is based on the NVD CVE record and the referenced advisories listed there, including the US-CERT/ICS-CERT advisory ICSA-16-348-03 and SecurityFocus BID 94887. The NVD record explicitly lists the affected products, fixed version thresholds, CVSS 3.0 vector, and CWE-787. No KEV listing is present in the supplied data.

Official resources