Delta Electronics DOPSoft (Update A)

Plan Patch7.8ICS-CERT ICSA-21-182-03Jul 1, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

A buffer overflow vulnerability in Delta Electronics DOPSoft (version 4.0.10.17 and earlier) allows arbitrary code execution and information disclosure when a user opens a malicious file. The vulnerability is exploitable only with local access and requires user interaction; it is not remotely exploitable. Delta Electronics released a patched version (v4.00.16 or later) on August 31, 2021.

What this means

What could happen

An attacker with local access to a computer running DOPSoft could run arbitrary commands with the privileges of the user, potentially modifying PLC programs or operator interface configurations, or stealing sensitive automation project files.

Who's at risk

Operations, maintenance, and engineering staff at any utility or industrial facility using Delta Electronics PLC programming software (DOPSoft) on engineering workstations or development computers. This affects anyone who programs or maintains Delta brand automation equipment.

How it could be exploited

An attacker must trick a user into opening a malicious file or clicking a link while logged into a system running DOPSoft. This could be done via email or removable media. Once the malicious content is loaded, the attacker gains code execution in the context of the DOPSoft application.

Prerequisites

Local access to a computer running DOPSoft
User interaction required: the affected user must open a malicious file or click a link
DOPSoft version 4.0.10.17 or earlier

Low complexity attackUser interaction requiredLocal access onlyAffects engineering workstation software

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (1)

ProductAffected VersionsFix Status

DOPSoft:≤ 4.0.10.174.00.16

Remediation & Mitigation

0/3

Do now

0/2

WORKAROUNDEducate users not to click web links or open unsolicited attachments in email, especially on engineering workstations running DOPSoft

HARDENINGRestrict physical and logical access to computers running DOPSoft to authorized personnel only; disable USB ports or removable media if feasible

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate DOPSoft to version 4.00.16 or later

CVEs (2)

CVE-2021-27455 CVE-2021-27412

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c2a52964-a980-4541-85bd-552455823912