ICSA-18-151-01_Delta Industrial Automation DOPSoft
Monitor | 7.3 | ICS-CERT ICSA-18-151-01 | May 31, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Delta Electronics DOPSoft versions 4.00.04 and earlier contain a buffer overflow vulnerability (CWE-125) that can be triggered through malicious file handling. An attacker who can provide a specially crafted file to a user running DOPSoft could execute arbitrary code on the engineering workstation.
What this means
What could happen
An attacker could execute arbitrary code on an engineering workstation running DOPSoft, potentially allowing manipulation of industrial automation projects, PLC configurations, or process parameters that could affect manufacturing operations.
Who's at risk
Manufacturing facilities using Delta Electronics DOPSoft for programming and configuration of industrial controllers and automation systems should assess if they are running affected versions. The risk is highest to engineering teams who regularly open project files from external sources or untrusted locations.
How it could be exploited
An attacker creates a malicious file and tricks a DOPSoft user into opening it (via email, shared drive, or social engineering). When DOPSoft parses the file, the buffer overflow is triggered, allowing the attacker to execute arbitrary code with the permissions of the user running DOPSoft.
Prerequisites
- User must open a malicious file in DOPSoft
- DOPSoft must be running on the engineering workstation
- File delivery via email, USB, or network share
- buffer overflow vulnerability
- requires user interaction (file opening)
- affects engineering workstations which may have access to production controllers
- social engineering attack vector
Exploitability
Moderate exploit probability (EPSS 2.7%)
Affected products (1)
Product | Affected Versions | Fix Status
DOPSoft | ≤ 4.00.04 | No fix yet
Remediation & Mitigation
Do now
- WORKAROUND: Restrict DOPSoft file interactions to trusted, validated file sources only; implement file validation before opening in DOPSoft
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update DOPSoft to the latest version available from Delta Electronics download center
Long-term hardening
- HARDENING: Isolate engineering workstations running DOPSoft from the business network using network segmentation and firewalls
- HARDENING: Implement user security training to avoid opening unsolicited files and email attachments from untrusted sources
CVEs (1)