OTPulse

Delta Electronics Delta Industrial Automation DOPSoft

Monitor · CVSS 6.3 · ICS-CERT ICSA-18-060-03 · Mar 1, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Delta Industrial Automation DOPSoft versions 4.00.01 and earlier contain a buffer overflow vulnerability (CWE-121) that allows remote code execution. Exploitation requires user interaction and is possible over a network connection with no authentication required.

What this means
What could happen
An attacker could execute arbitrary code on an engineering workstation running DOPSoft, potentially compromising the security and integrity of automation project files and configurations used to program Delta industrial control devices.
Who's at risk
Manufacturing facilities using Delta Electronics Industrial Automation DOPSoft for programming and engineering of Delta PLCs, HMIs, and other automation controllers. This affects engineering and commissioning teams who use DOPSoft on workstations to develop and maintain automation logic and configurations.
How it could be exploited
An attacker crafts a malicious file or network packet that exploits a buffer overflow in DOPSoft. When a user opens the file or the application processes the packet, the overflow allows the attacker to execute arbitrary code with the privileges of the DOPSoft application on the workstation.
Prerequisites
  • User interaction required to open a malicious file or trigger the vulnerable code path
  • Network connectivity to the workstation running DOPSoft
  • DOPSoft version 4.00.01 or earlier installed
remotely exploitable · no authentication required · low complexity · affects engineering workstations
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
Delta Industrial Automation DOPSoft | ≤ 4.00.01 | 4.00.04
Remediation & Mitigation
Do now
HARDENING: Restrict network access to workstations running DOPSoft using firewall rules and network segmentation; limit DOPSoft access to trusted engineering networks only
WORKAROUND: Educate engineering staff not to open files from untrusted sources in DOPSoft
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Delta Industrial Automation DOPSoft to version 4.00.04 or later