Delta Industrial Automation TPEditor

Plan Patch7.8ICS-CERT ICSA-20-219-04Aug 6, 2020

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Delta Industrial Automation TPEditor versions 1.97 and earlier contain multiple memory corruption vulnerabilities (CWE-125 out-of-bounds read, CWE-121/122/123 buffer overflow/underflow, CWE-20 improper input validation). These flaws could allow local code execution, information disclosure, or application crash. The vulnerabilities are not remotely exploitable and require local access to the engineering workstation plus user interaction to open a malicious project file.

What this means

What could happen

An attacker with local access to a machine running Delta TPEditor could read sensitive data, modify project files, execute arbitrary code, or crash the application, potentially affecting manufacturing process control and configuration integrity.

Who's at risk

Manufacturing facilities using Delta Industrial Automation TPEditor on engineering workstations are affected. This tool is used to configure and program Delta programmable logic controllers (PLCs) and human-machine interfaces (HMIs). The risk is highest where TPEditor runs on shared workstations or where project files come from external sources.

How it could be exploited

An attacker must have local access to a Windows workstation running TPEditor (version 1.97 or earlier). They could exploit memory corruption vulnerabilities (buffer overflow/underflow) through a specially crafted project file or direct interaction with the application to gain code execution with the privileges of the logged-in user.

Prerequisites

Local access to a Windows machine running TPEditor v1.97 or earlier
User interaction required to open a malicious TPEditor project file or input
No elevation of privilege needed beyond the running application user

Low complexity exploitationLocal access required (limits remote risk)User interaction required (social engineering vector)Memory corruption vulnerabilities (buffer overflow/underflow)No known public exploits available yet

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (1)

ProductAffected VersionsFix Status

TPEditor:≤ 1.971.98

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDTrain operators and engineers to avoid opening TPEditor project files from untrusted sources

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Delta Industrial Automation TPEditor to version 1.98 or later

Long-term hardening

0/2

HARDENINGRestrict local access to engineering workstations running TPEditor to authorized personnel only

HARDENINGImplement application whitelisting to prevent unauthorized code execution on engineering workstations

CVEs (5)

CVE-2020-16219 CVE-2020-16221 CVE-2020-16223 CVE-2020-16225 CVE-2020-16227

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0a338b10-0fb2-4a50-899b-6ab227c13d4a