PatchSiren cyber security CVE debrief
CVE-2016-5805 Delta Electronics CVE debrief
CVE-2016-5805 covers multiple heap-based buffer overflow conditions in Delta Electronics engineering software. According to the NVD record, WPLSoft versions prior to V2.42.11, ISPSoft versions prior to 3.02.11, and PMSoft versions prior to 2.10.10 are affected. The reported impact is that malicious files may trigger arbitrary code execution or a denial of service. NVD rates the issue HIGH with a CVSS 3.0 score of 7.8.
- Vendor: Delta Electronics
- Product: CVE-2016-5805
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-13
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-13
- Advisory updated: 2026-05-13
Who should care
Organizations that use Delta Electronics WPLSoft, ISPSoft, or PMSoft to develop, open, or process project files should care, especially OT/ICS engineering teams, plant automation administrators, and security teams responsible for workstation hardening and file handling controls.
Technical summary
The NVD weakness mapping identifies CWE-119 (improper restriction of operations within the bounds of a buffer). The vulnerable condition is described as multiple heap-based buffer overflows in Delta Electronics WPLSoft, ISPSoft, and PMSoft. NVD lists the attack vector as local with low attack complexity, no privileges required, and user interaction required (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The record states that malicious files may be used to cause code execution or denial of service.
Defensive priority
High for environments that use the affected Delta Electronics software, because successful exploitation can affect confidentiality, integrity, and availability and relies on a user opening or processing a malicious file.
Recommended defensive actions
- Upgrade WPLSoft to V2.42.11 or later.
- Upgrade ISPSoft to 3.02.11 or later.
- Upgrade PMSoft to 2.10.10 or later.
- Restrict who can open untrusted project or configuration files in these tools.
- Apply workstation hardening and least-privilege controls for engineering systems.
- Monitor for suspicious or unexpected project files delivered to users of the affected software.
- Use trusted transfer channels and file validation procedures before opening third-party files.
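An added example (not part of the original debrief or any vendor tooling): a Python check that compares a software inventory against the fixed versions listed above. The inventory rows, host names and status labels are constructed, and it assumes version strings are dotted numbers with an optional leading "V" that compare numerically component by component.

```python
import re

# Fixed versions as stated in the NVD record quoted on this page.
FIXED = {"wplsoft": (2, 42, 11), "ispsoft": (3, 2, 11), "pmsoft": (2, 10, 10)}

def parse_version(text):
    """Turn 'V2.42.11' or '3.02.11' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"\s*[vV]?\s*(\d+(?:\.\d+)*)\s*", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(product, version_text):
    """Return 'vulnerable', 'fixed', 'unknown-version' or 'not-in-scope'."""
    fixed = FIXED.get(product.strip().lower())
    if fixed is None:
        return "not-in-scope"
    found = parse_version(version_text)
    if found is None:
        return "unknown-version"  # cannot prove it is patched: review by hand
    # Pad to equal length so '3.2' is compared as 3.2.0, not as a shorter tuple.
    width = max(len(found), len(fixed))
    found += (0,) * (width - len(found))
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if found < fixed else "fixed"

def audit(rows):
    """rows: (host, product, version) tuples. Returns rows that need action."""
    findings = []
    for host, product, version in rows:
        status = classify(product, version)
        if status in ("vulnerable", "unknown-version"):
            findings.append((host, product, version, status))
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("eng-ws-01", "WPLSoft", "V2.42.10"),
    ("eng-ws-02", "ISPSoft", "3.02.11"),
    ("eng-ws-03", "PMSoft", "2.9"),      # a string compare would rank this above 2.10.10
    ("eng-ws-04", "ISPSoft", "3.2"),
    ("eng-ws-05", "WPLSoft", "unknown"),
    ("eng-ws-06", "OtherTool", "1.0"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Rows with an unparseable version are reported rather than skipped, so a workstation is never assumed patched by default.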
Evidence notes
The supplied NVD record states: 'An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10.' It further says there are 'multiple instances of heap-based buffer overflows' that may allow malicious files to cause arbitrary code execution or denial of service. The record assigns CWE-119 and CVSS 3.0 vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with a score of 7.8. According to the supplied metadata, the CVE was published on 2017-02-13 and later modified on 2026-05-13.
Official resources
- CVE-2016-5805 CVE record (CVE.org)
- CVE-2016-5805 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (Third Party Advisory, VDB Entry)
- Mitigation or vendor reference (Third Party Advisory, US Government Resource)
Publicly recorded in the CVE/NVD system on 2017-02-13. The NVD reference list includes an ICS-CERT advisory and a SecurityFocus bulletin entry.