OTPulse
FeedAboutContact

Delta Electronics DOPSoft (Update A)

Plan Patch7.8ICS-CERT ICSA-21-238-04Aug 26, 2021
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

DOPSoft versions 4.00.11 and earlier contain a stack-based buffer overflow vulnerability (CWE-121) that could allow arbitrary code execution. The vulnerability is triggered through user interaction—for example, opening a malicious project file or configuration. Exploitation requires local access to the workstation running DOPSoft; it is not remotely exploitable.

What this means
What could happen
An attacker could execute arbitrary code on an engineering workstation running DOPSoft, potentially gaining access to PLC and HMI configuration files, process parameters, and control logic used to manage your water treatment, distribution, or power systems.
Who's at risk
Engineering teams and automation departments that use Delta Electronics DOPSoft for programming and configuring Delta PLCs and HMI devices (DOP-B panels, AH500 series). Any organization using DOPSoft for water or power control systems should prioritize updating.
How it could be exploited
An attacker sends a crafted file (e.g., DOPSoft project file) to an engineer via email or social engineering. When the engineer opens the file in DOPSoft, the buffer overflow is triggered, allowing the attacker to run code with the privileges of the user who opened the file. From there, the attacker could access or modify control system configurations stored on that workstation.
Prerequisites
  • Local or physical access to the engineering workstation running DOPSoft
  • User must open a malicious DOPSoft project file or configuration file
  • DOPSoft version 4.00.11 or earlier must be installed
Local code executionRequires user interaction (file open)No patch available in advisoryTargets engineering workstations with access to critical control configurations
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
DOPSoft:≤ 4.00.114.00.11.22
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDRestrict file access and email attachments to engineering workstations; block or quarantine suspicious DOPSoft project files at the email gateway
WORKAROUNDEducate engineering staff not to open unsolicited DOPSoft project files or attachments from untrusted sources
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate DOPSoft to version 4.00.11.22 or later
Long-term hardening
0/1
HARDENINGIsolate engineering workstations running DOPSoft from the Internet and corporate network using firewalls and network segmentation
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/41ba491f-d0d4-4a31-8753-cf6b9db175ef