OTPulse

Delta Electronics TPEditor

Plan Patch | 7.8 | ICS-CERT ICSA-21-021-02 | Jan 21, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Delta Electronics TPEditor versions 1.98 and prior contain buffer overflow and out-of-bounds write vulnerabilities (CWE-822, CWE-787) that allow code execution under the application's privileges when a user opens a malicious project file. These vulnerabilities require local access and user interaction but pose a risk to control system integrity if an attacker can trick an engineer into opening a crafted project file. No public exploits are known.

What this means
What could happen
An attacker who tricks a user into opening a malicious project file could execute code with the same privileges as TPEditor, potentially modifying PLC or HMI configurations or collecting sensitive control system data.
Who's at risk
This affects utilities and facilities that use Delta Electronics PLC or HMI equipment and rely on TPEditor for programming, configuration, and maintenance. This includes water authorities, electric utilities, and manufacturing plants that depend on Delta control systems.
How it could be exploited
An attacker sends a specially crafted TPEditor project file to a control system engineer or technician via email or file sharing. When the user opens the file in TPEditor v1.98 or earlier, the application executes malicious code embedded in the project, running under the user's account privileges.
Prerequisites
  • User must open a malicious project file in TPEditor
  • User account running TPEditor has access to PLC or HMI configurations
  • TPEditor installed on engineering workstation or operator station
  • Local exploitation only
  • User interaction required (social engineering)
  • Low complexity to exploit
  • Could affect control system integrity
  • Engineering workstation exposure
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
TPEditor: v1.98 and prior | ≤ 1.98 | v1.98.03 or later
Remediation & Mitigation
Do now
WORKAROUND: Only open project files from trusted, verified sources
WORKAROUND: Do not click web links or open unsolicited attachments in email
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update TPEditor to v1.98.03 or later
Long-term hardening
HARDENING: Implement file integrity monitoring or code signing controls for project files
HARDENING: Restrict TPEditor to dedicated engineering workstations isolated from production networks
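
One way to implement the file-integrity control for project files, as an added example (not code from this advisory or from Delta Electronics): vetted project files are hashed into an HMAC-protected manifest, and a file is checked against it before it is opened in TPEditor. The `.tpe` extension, the function names, the file names and the demo key are assumptions.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def _tag(files, key):
    # HMAC over the canonical JSON form of the name -> hash table.
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(trusted_dir, key, pattern="*.tpe"):
    """Hash every vetted project file and authenticate the table with an HMAC."""
    files = {p.name: sha256_file(p) for p in sorted(Path(trusted_dir).glob(pattern))}
    return {"files": files, "hmac": _tag(files, key)}

def check_project(path, manifest, key):
    """Return 'ok', 'manifest-tampered', 'unknown-file' or 'modified'."""
    if not hmac.compare_digest(_tag(manifest["files"], key), manifest.get("hmac", "")):
        return "manifest-tampered"
    recorded = manifest["files"].get(Path(path).name)  # keyed by file name only
    if recorded is None:
        return "unknown-file"
    return "ok" if hmac.compare_digest(recorded, sha256_file(path)) else "modified"

def demo():
    key = b"constructed-demo-key"  # assumption: the real key is held by whoever vets files
    with tempfile.TemporaryDirectory() as d:
        vetted = Path(d, "line1.tpe")
        vetted.write_bytes(b"constructed vetted project")
        manifest = build_manifest(d, key)
        results = [check_project(vetted, manifest, key)]       # vetted and unchanged
        stray = Path(d, "from_email.tpe")
        stray.write_bytes(b"constructed unvetted file")
        results.append(check_project(stray, manifest, key))    # never vetted
        vetted.write_bytes(b"constructed vetted project, altered")
        results.append(check_project(vetted, manifest, key))   # changed after vetting
        forged = {"files": {**manifest["files"], stray.name: sha256_file(stray)},
                  "hmac": manifest["hmac"]}
        results.append(check_project(stray, forged, key))      # entry added without the key
    return results

if __name__ == "__main__":
    print(demo())
```

Any result other than `ok` means the file should not be opened on the engineering workstation until it has been re-vetted.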