Delta Electronics WPLSoft

Plan Patch8.3ICS-CERT ICSA-18-058-02Feb 27, 2018

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

WPLSoft versions 2.45.0 and earlier contain multiple buffer overflow vulnerabilities (CWE-121, CWE-122, CWE-787) that allow remote code execution without authentication. An attacker can send specially crafted input to overflow memory buffers and execute arbitrary code on the affected system. The vulnerability is remotely exploitable with low attack complexity and requires user interaction.

What this means

What could happen

An attacker could exploit buffer overflow vulnerabilities in WPLSoft to execute arbitrary code on engineering workstations running the software, potentially allowing them to modify PLC logic, alter control parameters, or disrupt SCADA system operations.

Who's at risk

This affects Delta Electronics WPLSoft users, particularly organizations using Delta PLCs in water treatment, wastewater, electric utilities, and manufacturing. The risk is highest for sites where engineering workstations have network connectivity from multiple sources or are accessed remotely.

How it could be exploited

An attacker could send a specially crafted network request or file to WPLSoft running on an engineering workstation. The application fails to properly validate input bounds, triggering a buffer overflow that allows arbitrary code execution within the context of the user running WPLSoft. No authentication is required.

Prerequisites

WPLSoft version 2.45.0 or earlier installed on an engineering workstation
Network reachability to the workstation (direct or via compromised network segment)
User interaction may be required (UI element in attack vector)
No valid credentials needed for exploitation

remotely exploitableno authentication requiredlow complexity attackbuffer overflow vulnerabilityaffects engineering workstations used to program and modify control logic

Exploitability

Moderate exploit probability (EPSS 1.1%)

Affected products (1)

ProductAffected VersionsFix Status

WPLSoft:≤ 2.45.02.46.0

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to WPLSoft-running workstations using firewall rules; limit to authorized engineering network segments only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WPLSoft to version 2.46.0 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate engineering workstations from production networks and untrusted external networks

CVEs (3)

CVE-2018-7494 CVE-2018-7507 CVE-2018-7509

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e3706f68-d88c-4667-a3ca-c76809e30d4f