Delta Industrial Automation TPEditor
Monitor | 6.6 | ICS-CERT ICSA-18-284-03 | Oct 11, 2018
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Buffer overflow vulnerabilities in Delta Industrial Automation TPEditor versions 1.90 and earlier can cause application crashes and may allow code execution when processing malicious files. The vulnerabilities result from improper bounds checking (CWE-121, CWE-787). Exploitation requires a user to open a crafted file with TPEditor; remote exploitation is not possible. Delta has released version 1.91 as a fix.
What this means
What could happen
A buffer overflow in TPEditor could crash the application or allow an attacker to run arbitrary code on an engineering workstation, potentially compromising control system configuration files or enabling lateral movement to connected PLCs.
Who's at risk
Manufacturing facilities and system integrators using Delta TPEditor on engineering workstations to configure Delta PLC and HMI devices are affected. This impacts anyone designing or maintaining automation control logic for industrial processes.
How it could be exploited
An attacker crafts a malicious file and tricks a user into opening it with TPEditor (e.g., via email or social engineering). When the file is processed, the buffer overflow is triggered, leading to a crash or code execution on the workstation running the editor.
Prerequisites
- TPEditor version 1.90 or earlier installed on engineering workstation
- User must open a malicious file with TPEditor
- No remote exploitation; local access or social engineering required
buffer overflow vulnerability | local code execution possible | requires user interaction | affects engineering workstations used to configure critical control devices
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
TPEditor | ≤ 1.90 | 1.91
Remediation & Mitigation
Do now
WORKAROUND: Restrict TPEditor file access to trusted sources only; disable opening files from untrusted networks or email
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Delta TPEditor to version 1.91 or later
Long-term hardening
HARDENING: Implement email filtering and user awareness training to prevent opening unsolicited files from external sources
CVEs (2)