OTPulse
FeedAboutContact

Delta Industrial Automation DOPSoft

Plan Patch7.8ICS-CERT ICSA-19-225-01Aug 13, 2019
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

DOPSoft versions 4.00.06.15 and earlier contain out-of-bounds read (CWE-125) and use-after-free (CWE-416) vulnerabilities in file parsing logic. These flaws can result in information disclosure, arbitrary code execution, or application crash when a user opens a crafted file in DOPSoft. Successful exploitation requires user interaction (opening a malicious file) but no special credentials or elevated privileges.

What this means
What could happen
An attacker could craft a malicious file or exploit a memory vulnerability in DOPSoft to execute arbitrary code on engineering workstations, potentially altering automation projects before they are deployed to industrial equipment or stealing sensitive process configurations.
Who's at risk
Manufacturing facilities using Delta Electronics DOPSoft for HMI/SCADA automation engineering. This affects engineers and operators who create or modify automation projects on workstations running DOPSoft version 4.00.06.15 or earlier. At risk are organizations in manufacturing sectors (automotive, chemical, food/beverage, utilities) that rely on Delta automation equipment.
How it could be exploited
An attacker sends a specially crafted file (likely via email or file share) to an operator or engineer who opens it in DOPSoft. The out-of-bounds read (CWE-125) or use-after-free (CWE-416) vulnerability is triggered, allowing the attacker to run arbitrary code with the privileges of the user running DOPSoft.
Prerequisites
  • DOPSoft version 4.00.06.15 or earlier installed on an engineering workstation
  • User must open a malicious file in DOPSoft (user interaction required)
  • User has no special credentials or elevated privileges needed beyond normal DOPSoft access
User interaction required to trigger exploitation (opens file)Low complexity to exploitNo patch available for older versionsAffects engineering and control system designMemory safety vulnerabilities (out-of-bounds read, use-after-free)
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
ProductAffected VersionsFix Status
DOPSoft:≤ 4.00.06.154.00.06.47
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDOnly load automation projects and files from trusted, verified sources
HARDENINGDisable or restrict email attachments on engineering workstations; require file transfers through secure, audited channels
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate DOPSoft to version 4.00.06.47 or later
Long-term hardening
0/1
HARDENINGEducate engineers and operators on recognizing and reporting suspicious files or email requests
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/e1bbf34f-195d-4615-96e6-f6d6737fa433
Delta Industrial Automation DOPSoft | CVSS 7.8 - OTPulse