Delta Electronics Delta Industrial Automation Screen Editor
Monitor 5.5 · ICS-CERT ICSA-18-004-01 · Jan 4, 2018
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Delta Industrial Automation Screen Editor Version 2.00.23.00 and earlier contains multiple memory safety vulnerabilities (buffer overflow, use-after-free, type confusion) in file parsing that can be triggered by processing specially crafted project files. An attacker with local access who convinces a user to open a malicious file could crash the application or potentially execute arbitrary code. Delta Electronics has end-of-lifed this product and replaced it with DOPSoft Version 2. The vendor recommends restricting application use to trusted files only.
What this means
What could happen
Exploitation could crash the Screen Editor application or cause unexpected behavior, disrupting design work for control system interfaces. In a manufacturing environment where this tool is used to configure operator panels, interruption could delay production system updates or maintenance.
Who's at risk
Manufacturing facilities using Delta Industrial Automation Screen Editor for designing and configuring operator interfaces and control system HMI (human-machine interface) panels should be aware of this vulnerability. Engineering teams that maintain or update control system visualization screens are most directly affected.
How it could be exploited
An attacker with local access to an engineering workstation could trick a user into opening a malicious file (such as a crafted project file) with the Screen Editor. The vulnerability in file parsing (buffer overflow, use-after-free, or type confusion) would trigger when the application processes the file, causing denial of service or potential code execution with the privileges of the user running the application.
Prerequisites
- Local access to engineering workstation running Screen Editor
- User interaction required (opening a malicious file)
- Screen Editor Version 2.00.23.00 or earlier installed
Tags: low complexity attack · user interaction required · denial of service impact · no patch available for legacy version · local access required
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product: Delta Industrial Automation Screen Editor
Affected Versions: ≤ 2.00.23.00
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict file interactions in Screen Editor to trusted sources only and disable opening files from untrusted or external locations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Migrate from Delta Industrial Automation Screen Editor to DOPSoft Version 2
Mitigations - no patch available
Delta Industrial Automation Screen Editor has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement file integrity checks and restrict which users can execute the Screen Editor application on engineering workstations
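The workaround (open project files only from trusted locations) and the hardening control (file integrity checks) above can be enforced with a small pre-open gate on the engineering workstation. The script below is an added example written for this page; it is not Delta's code and not part of the advisory. It assumes a site-chosen trusted project directory, a JSON manifest of SHA-256 digests recorded when each project file was last reviewed, and placeholder file names and extensions; none of those come from the advisory.

```python
"""Trusted-source and integrity gate for HMI project files (added example).

Implements two compensating controls for an EOL editor that has no patch:
  1. only files that physically live under a reviewed trusted root are
     eligible (symlinks are resolved first, so a link that points at a
     removable drive or network share is rejected);
  2. the file's current SHA-256 must match the manifest entry recorded at
     review time, so a file modified since review is blocked.

Assumptions (not from the advisory): manifest format is JSON mapping a
root-relative POSIX path to a hex SHA-256; the trusted root, manifest
location and file extensions are placeholders chosen by the site.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # stream files so large projects are not read whole


def sha256_of(path: Path) -> str:
    """Return the hex SHA-256 of a file, read in fixed-size chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(trusted_root: Path) -> dict:
    """Record the digest of every regular file under a reviewed trusted root.

    Keys are root-relative paths, so the manifest stays valid if the root is
    mounted elsewhere. Run this only after the directory has been reviewed.
    """
    root = trusted_root.resolve()
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def save_manifest(manifest: dict, dest: Path) -> None:
    dest.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(src: Path) -> dict:
    return json.loads(src.read_text())


def check_file(candidate: Path, trusted_root: Path, manifest: dict):
    """Return (allowed, reason) for a file the user wants to open."""
    root = trusted_root.resolve()
    target = candidate.resolve()  # follow symlinks before the location check
    try:
        rel = target.relative_to(root).as_posix()
    except ValueError:
        return False, f"outside trusted root: {target}"
    if not target.is_file():
        return False, "not a regular file"
    expected = manifest.get(rel)
    if expected is None:
        return False, f"not in manifest (unreviewed file): {rel}"
    actual = sha256_of(target)
    # constant-time compare; digests are public but this avoids a bad habit
    if not hmac.compare_digest(actual, expected):
        return False, f"digest mismatch for {rel} (modified since review)"
    return True, f"trusted: {rel}"


def demo() -> dict:
    """Constructed scenario: a reviewed file, a tampered file, a copy arriving
    from an 'external' location, and an unreviewed file inside the root."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        trusted = base / "hmi_projects"   # placeholder trusted root
        external = base / "usb_drive"     # stands in for removable media
        trusted.mkdir()
        external.mkdir()
        good = trusted / "line3_panel.prj"  # placeholder name/extension
        good.write_bytes(b"constructed project file contents v1")
        manifest_path = base / "manifest.json"
        save_manifest(build_manifest(trusted), manifest_path)
        manifest = load_manifest(manifest_path)

        results["reviewed"] = check_file(good, trusted, manifest)[0]

        good.write_bytes(b"constructed project file contents v2 (tampered)")
        results["tampered"] = check_file(good, trusted, manifest)[0]

        stray = external / "line3_panel.prj"
        stray.write_bytes(b"constructed project file contents v1")
        results["external"] = check_file(stray, trusted, manifest)[0]

        unreviewed = trusted / "new_panel.prj"
        unreviewed.write_bytes(b"constructed, never reviewed")
        results["unreviewed"] = check_file(unreviewed, trusted, manifest)[0]
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:10s} -> {'ALLOW' if allowed else 'BLOCK'}")
```

In practice the gate is wired in front of the editor (for example as the wrapper users launch instead of the executable, with execute permission on the real binary limited to the engineering group) so that `check_file` runs before any project file reaches the vulnerable parser; the manifest is regenerated only after a project change has been reviewed, and is stored where ordinary users cannot write it.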
API:
/api/v1/advisories/84c1e014-e8f3-47f8-bca9-f9af8b8fb58b