Delta Electronics TPEditor
Plan Patch | 7.8 | ICS-CERT ICSA-19-253-01 | Sep 10, 2019
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Delta Electronics TPEditor versions 1.94 and earlier contain multiple memory corruption vulnerabilities (buffer overflow, out-of-bounds write) that can allow information disclosure, remote code execution, or application crash when processing malicious files. These vulnerabilities are not remotely exploitable and require local user interaction to open an untrusted file.
What this means
What could happen
An attacker who tricks an engineer into opening a malicious TPEditor project file could execute arbitrary commands on the engineering workstation, allowing them to modify automation logic, steal configuration files, or disrupt program development. In the worst case, compromised automation code could be deployed to control systems, affecting plant operations.
Who's at risk
Engineering teams and operators who use Delta TPEditor to configure and manage Delta industrial automation equipment, including programmable logic controllers (PLCs), power management devices, and motor drives. This affects anyone creating, editing, or deploying automation program files on Windows engineering workstations.
How it could be exploited
An attacker crafts a malicious TPEditor project file (.tpe or similar) designed to trigger a buffer overflow or out-of-bounds write when opened. The attacker sends this file via email or hosts it on a website and socially engineers an engineer to open it using TPEditor. Upon opening, the memory corruption vulnerability executes the attacker's payload, which could run commands with the privileges of the engineering workstation user.
Prerequisites
- Local access to a Windows machine with TPEditor installed
- User with permission to run TPEditor
- User must be tricked into opening a malicious TPEditor project file
- No authentication or special privileges required beyond ability to run the application
- High severity memory corruption (buffer overflow, out-of-bounds write)
- Local code execution possible if user opens malicious file
- Engineering workstation compromise can lead to supply-chain style attack on deployed automation
- Requires social engineering / user interaction
- Low EPSS score but affects development environment
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
TPEditor | ≤ 1.94 | 1.95
Remediation & Mitigation
Do now
- WORKAROUND: Restrict opening of TPEditor files to trusted sources only; verify file origin before opening project files
- HARDENING: Educate engineers on email and file security; do not open unsolicited TPEditor project files or attachments from unknown senders
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Delta TPEditor to version 1.95 or later from the Delta download center
Long-term hardening
- HARDENING: Implement application whitelisting on engineering workstations to prevent unauthorized code execution
- HARDENING: Segment engineering workstations from production networks to limit impact if workstation is compromised
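
One way to support the "verify file origin" workaround on a Windows engineering workstation is to list project files that still carry a Mark-of-the-Web, meaning they arrived through a browser or mail client. This is an added example, not part of the advisory or any Delta tooling; the `.tpe` extension, the default scan root and the `Get-FileOrigin` helper name are assumptions.

```powershell
# Added example: report TPEditor project files that carry a Mark-of-the-Web
# (the NTFS "Zone.Identifier" alternate data stream written by browsers and mail clients).
# Assumptions: project files use the .tpe extension; $Root is a hypothetical scan folder.
param(
    [string]$Root = "$env:USERPROFILE",
    [string[]]$Extensions = @('*.tpe')
)

function Get-FileOrigin {
    # Hypothetical helper: returns the parsed Zone.Identifier fields, or nothing if the stream is absent.
    param([Parameter(Mandatory)][string]$Path)

    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) { return }

    $info = [ordered]@{ Path = $Path; ZoneId = $null; HostUrl = $null; ReferrerUrl = $null }
    $text = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    foreach ($line in $text) {
        # Stream content is INI-style, e.g. "ZoneId=3" and optionally "HostUrl=..."
        if ($line -match '^(ZoneId|HostUrl|ReferrerUrl)=(.*)$') {
            $info[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]$info
}

# Windows URL security zone numbers
$zoneNames = @{ '0' = 'Local machine'; '1' = 'Intranet'; '2' = 'Trusted'; '3' = 'Internet'; '4' = 'Restricted' }

# Report only files marked as coming from the Internet or Restricted zones
Get-ChildItem -Path $Root -Recurse -File -Include $Extensions -ErrorAction SilentlyContinue |
    ForEach-Object { Get-FileOrigin -Path $_.FullName } |
    Where-Object { $_ -and $_.ZoneId -in '3', '4' } |
    Select-Object Path, @{ n = 'Zone'; e = { $zoneNames[$_.ZoneId] } }, HostUrl, ReferrerUrl
```

A file with no Zone.Identifier stream is not thereby trusted: the mark is lost when a file is extracted by some archive tools or copied across non-NTFS media, so an empty result does not replace confirming the sender.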