Delta Industrial Automation DOPSoft (Update A)

Plan Patch7.8ICS-CERT ICSA-20-182-01Jun 30, 2020

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Delta DOPSoft versions 4.00.08.15 and earlier contain buffer overflow (CWE-125) and buffer underflow (CWE-122) vulnerabilities in file handling. Successful exploitation could allow an attacker to read or modify engineering files, execute arbitrary code within the DOPSoft application, or crash the software. The vulnerabilities are not remotely exploitable and require local file access combined with user interaction (opening a malicious file).

What this means

What could happen

An attacker with local access to a machine running DOPSoft could read or modify engineering files, execute arbitrary code with application privileges, or crash the software, potentially disrupting configuration and monitoring of Delta industrial devices.

Who's at risk

Manufacturing facilities using Delta DOPSoft for programming and monitoring Delta PLCs, gateways, and HMI panels. This includes automotive, food and beverage, chemical, and discrete manufacturing plants that rely on Delta devices for process control and supervisory monitoring.

How it could be exploited

An attacker would need to trick a user into opening a malicious file (via email or USB) or place a crafted file on a machine where DOPSoft is installed. When DOPSoft processes the file, it could read sensitive memory, overwrite adjacent data structures, or execute embedded code.

Prerequisites

Local file system access or ability to place a file where DOPSoft user will open it
User interaction required: engineer must open the malicious file with DOPSoft
DOPSoft version 4.00.08.15 or earlier

Buffer overflow vulnerabilityLow complexity attackUser interaction requiredLocal access only

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (1)

ProductAffected VersionsFix Status

DOPSoft:≤ 4.00.08.154.00.08.21

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDTrain engineering staff to avoid opening unsolicited files and email attachments from unknown sources; implement email filtering to block common attachment types

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate DOPSoft to version 4.00.08.21 or later

HARDENINGRestrict DOPSoft file access and execution to engineering workstations; use file-level access controls or application whitelisting to prevent opening files from untrusted locations

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate engineering workstations from general corporate network traffic

CVEs (2)

CVE-2020-10597 CVE-2020-14482

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e8597644-798d-4d00-ad58-ec6ffcbfcc4e