OTPulse

Delta Controls enteliBUS Controllers

Act Now · CVSS 9.8 · ICS-CERT ICSA-19-239-01 · Aug 27, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

A buffer overflow vulnerability in Delta Controls enteliBUS Controller, Manager, and Manager Touch firmware allows remote code execution. An attacker on the same network can exploit this to gain complete control of the device's operating system. Affected versions are 3.40 R5 build 571848 and earlier. The vulnerability requires only network access with no authentication and has a CVSS score of 9.8. No known public exploits currently target this vulnerability.

What this means
What could happen
An attacker on the same network can execute arbitrary code on the enteliBUS controller, potentially altering building automation processes, disabling HVAC/lighting systems, or manipulating facility operations such as access control or energy management.
Who's at risk
Building automation system operators using Delta Controls enteliBUS products should care. This affects facility managers and controls engineers responsible for HVAC, lighting, access control, and other building systems managed by enteliBUS Controllers, Managers, and Manager Touch devices in commercial buildings, data centers, and critical infrastructure facilities.
How it could be exploited
An attacker on the same network segment sends a specially crafted network packet to the vulnerable enteliBUS device. The buffer overflow vulnerability allows the attacker to overwrite memory and inject code that runs with full device privileges, giving complete control of the building automation controller's operating system.
Prerequisites
  • Network access to the enteliBUS device on the same network segment or routed network
  • enteliBUS firmware version 3.40 R5 build 571848 or earlier
remotely exploitable · no authentication required · low complexity · high CVSS score (9.8) · no public exploit available · firmware access restricted to vendor partners
Exploitability
Moderate exploit probability (EPSS 5.9%)
Affected products (3)
3 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| enteliBUS Controller (eBCON) firmware | ≤ 3.40 R5 build 571848 | 3.40 R6 build 612850 |
| enteliBUS Manager Touch (eBMGR-TCH) firmware | ≤ 3.40 R5 build 571848 | 3.40 R6 build 612850 |
| enteliBUS Manager firmware | ≤ 3.40 R5 build 571848 | 3.40 R6 build 612850 |
Remediation & Mitigation
Do now
WORKAROUND: Do not expose building controllers directly to the Internet; restrict access to internal network only
WORKAROUND: Implement VPN for any required remote access to enteliBUS network devices
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade enteliBUS Controller, Manager, and Manager Touch firmware from 3.40 R5 build 571848 to 3.40 R6 build 612850 or later
Long-term hardening
HARDENING: Segment the building automation network from other IT systems using firewalls or network access control
HARDENING: Regularly audit and validate authorized user access to building controllers and sites
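
To decide which devices need the firmware upgrade above, an asset inventory can be triaged against the two builds listed in the affected-products table. The following is an added example, not part of the advisory or any vendor tooling; the CSV layout, hostnames and the intermediate build numbers are constructed, and ordering versions by (major, minor, R-level, build) is an assumption about the vendor's numbering.

```python
import csv
import io
import re

# Version boundaries taken from the advisory's affected-products table.
# Assumption: versions order by (major, minor, R-level, build).
LAST_AFFECTED = (3, 40, 5, 571848)   # 3.40 R5 build 571848
FIRST_FIXED = (3, 40, 6, 612850)     # 3.40 R6 build 612850

VERSION_RE = re.compile(r"(\d+)\.(\d+)\s*R(\d+)\s*build\s*(\d+)", re.IGNORECASE)

# Constructed sample inventory; hostnames and the CSV layout are hypothetical.
SAMPLE_INVENTORY = """host,product,firmware
ahu-01,eBCON,3.40 R5 build 571848
ahu-02,eBCON,3.40 R6 build 612850
lobby-panel,eBMGR-TCH,3.40 r4 Build 560000
plant-mgr,enteliBUS Manager,3.40 R5 build 590000
roof-01,eBCON,unknown
"""

def parse_firmware(text):
    """Return (major, minor, release, build), or None if unparseable."""
    m = VERSION_RE.search(text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def classify(text):
    """Map a firmware string to affected / fixed / review / unknown."""
    fw = parse_firmware(text)
    if fw is None:
        return "unknown"    # no usable version on record: verify on the device
    if fw <= LAST_AFFECTED:
        return "affected"   # at or below the last build the advisory lists
    if fw >= FIRST_FIXED:
        return "fixed"      # at or above the fixed build
    return "review"         # between the two listed builds: confirm with vendor

def audit(inventory_csv):
    """Return [(host, status)] for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], classify(r["firmware"])) for r in rows]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host:12} {status}")
```

Devices reported as "unknown" or "review" are not covered by either boundary in the advisory and should be checked manually rather than assumed safe.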