OTPulse
FeedAboutContact

Delta Industrial Automation COMMGR

Act Now9.8ICS-CERT ICSA-21-110-03Apr 20, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

COMMGR versions 1.12 and earlier contain a stack buffer overflow vulnerability (CWE-121) that allows remote code execution or application crash without authentication. Successful exploitation could result in arbitrary code execution on the application server or denial-of-service condition affecting automation system visibility and control.

What this means
What could happen
An attacker with network access to COMMGR could execute arbitrary code on the application server, potentially disrupting process control and monitoring functions, or crash the application causing loss of visibility into automation systems.
Who's at risk
Manufacturing facilities using Delta Electronics COMMGR for process monitoring and control should prioritize this vulnerability. COMMGR is commonly used in industrial automation environments to manage communications and data flow between controllers, sensors, and operator interfaces. Unauthorized code execution could compromise the integrity of production processes and system availability.
How it could be exploited
An attacker sends a specially crafted network request to the COMMGR application server (port and protocol unspecified in advisory, likely HTTP/HTTPS or native protocol). The vulnerability is in a memory handling function (CWE-121 stack buffer overflow), allowing the attacker to overwrite memory and execute arbitrary commands without authentication.
Prerequisites
  • Network access to COMMGR application server
  • COMMGR version 1.12 or earlier running
  • No authentication required
Remotely exploitableNo authentication requiredLow complexity attackHigh CVSS score (9.8)Affects control system availabilityStack buffer overflow vulnerability
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
ProductAffected VersionsFix Status
COMMGR:≤ 1.121.13
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDRestrict network access to COMMGR application server to authorized engineering workstations and control system networks only
HARDENINGIsolate COMMGR and the control system network behind a firewall, blocking inbound access from the Internet and business network
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade COMMGR to version 1.13 or later
Long-term hardening
0/1
HARDENINGImplement network segmentation to separate the COMMGR server from general IT systems
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/f5b80afa-c785-400a-8e2e-03b4503df45b