OTPulse
FeedAboutContact

Delta Electronics ISPSoft

Monitor5.3ICS-CERT ICSA-18-275-01Oct 2, 2018
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Delta Electronics ISPSoft versions 3.0.5 and earlier contain a stack-based buffer overflow vulnerability (CWE-121) that allows code execution under the context of the application when a user opens a malicious project or file. Successful exploitation could allow an attacker to execute arbitrary code on the engineering workstation, which typically has unrestricted access to connected Delta PLCs and control system devices.

What this means
What could happen
An attacker could run arbitrary code on an engineering workstation running ISPSoft, potentially allowing them to modify PLC programs, alter control logic, or sabotage automation configurations used across Delta control systems.
Who's at risk
This affects any organization using Delta Electronics ISPSoft versions 3.0.5 or earlier for programming and managing Delta DVP-SE series PLCs or other Delta control devices. Typical users include automation engineers, system integrators, and manufacturing facilities that use Delta equipment for process automation, motion control, or facility management.
How it could be exploited
An attacker would need to trick a user into opening a malicious file or project in ISPSoft (e.g., via email or removable media). Once opened, the vulnerability in ISPSoft v3.0.5 and earlier allows code execution in the application context, which has access to connected PLCs and control system configurations.
Prerequisites
  • User interaction required: victim must open a malicious ISPSoft project or file
  • ISPSoft version 3.0.5 or earlier installed on an engineering workstation
  • Access to the workstation or ability to deliver a malicious file (no network access needed)
Local code execution via application vulnerabilityUser interaction required (reduces but does not eliminate risk)Affects engineering workstations with access to control system devicesNo patch currently available (requires manual update to v3.0.6)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
ISPSoft:≤ 3.0.53.0.6 or newer
Remediation & Mitigation
0/6
Do now
0/4
HARDENINGRestrict file access permissions on ISPSoft project directories to authorized engineering staff only
HARDENINGDisable or restrict removable media access on engineering workstations running ISPSoft
HARDENINGImplement email filtering to block executable or project files from untrusted sources
HARDENINGEstablish a procedure for users to validate the source of ISPSoft project files before opening them
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate ISPSoft to version 3.0.6 or newer
Long-term hardening
0/1
HARDENINGIsolate engineering workstations from the business network using a dedicated VLAN or air-gap when not actively programming
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/e9b20955-b0aa-49a3-bc96-6e8a1f5fc22d
Delta Electronics ISPSoft | CVSS 5.3 - OTPulse