OTPulse
FeedAboutContact

Delta Electronics TPEditor

Plan Patch7.8ICS-CERT ICSA-21-236-03Aug 24, 2021
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Delta Electronics TPEditor versions 1.98.06 and earlier contain a buffer overflow vulnerability (CWE-122) that allows arbitrary code execution when a user opens a malicious file. The vulnerability is not remotely exploitable and requires user interaction. An attacker would need to trick a user into opening a crafted file via email or social engineering to trigger the vulnerability and execute arbitrary code on the affected workstation.

What this means
What could happen
An attacker with local access to a machine running TPEditor could execute arbitrary code with the privileges of the user running the application, potentially compromising engineering workstations and allowing modification of control system configurations or programs.
Who's at risk
Organizations running Delta Electronics TPEditor on engineering workstations used to program and configure Delta industrial controllers (PLCs, motion controllers, HMI systems). This affects anyone who develops or maintains Delta control system logic, including water utilities, power facilities, and manufacturing plants.
How it could be exploited
An attacker would need to trick a user into opening a malicious file (via email or other social engineering) on a machine with TPEditor installed. When the file is opened in TPEditor, a buffer overflow vulnerability (CWE-122) is triggered, allowing arbitrary code execution on that workstation. The attacker cannot reach the vulnerability over the network; they must rely on user interaction to deliver the exploit.
Prerequisites
  • Local file access to a machine running TPEditor
  • User interaction required (user must open a malicious file in TPEditor)
  • TPEditor version 1.98.06 or earlier installed
Buffer overflow vulnerability (CWE-122)Local code execution possibleUser interaction required (social engineering attack vector)Affects engineering/design systems which could be leveraged to alter control logic
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
ProductAffected VersionsFix Status
TPEditor: v1.98.06 and prior≤ 1.98.061.98.07
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDTrain users to avoid opening unsolicited email attachments and clicking suspicious links; implement email filtering to block potentially malicious attachments
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Delta TPEditor to version 1.98.07 or later
Long-term hardening
0/1
HARDENINGRestrict TPEditor to engineering workstations only; isolate engineering networks from general corporate email systems where possible
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/dbb350a1-5d44-4c9b-91f4-6b3bc2d24216