OTPulse

Delta Electronics DMARS

MonitorCVSS 5.5ICS-CERT ICSA-22-104-01Apr 14, 2022
Delta Electronics
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Delta Electronics DMARS contains an XML external entity (XXE) vulnerability (CWE-611) in versions before 2.1.10.24 that allows local attackers to read sensitive information such as project files or configuration data. The vulnerability requires user interaction—an attacker must trick a user into opening a malicious DMARS project file or attachment. This could expose credentials, setpoints, logic configuration, or other sensitive system data that could be used in follow-up attacks. No public exploits exist, and the vulnerability is not remotely exploitable.

What this means
What could happen
An attacker with local access to a DMARS system could read sensitive information such as project files or configuration details. This could enable further attacks or unauthorized modifications to your system.
Who's at risk
Delta Electronics DMARS users, particularly in manufacturing automation and process control environments. This affects any organization using DMARS for control logic, parameter management, or system configuration where sensitive project files or credentials are stored.
How it could be exploited
An attacker needs local access to the DMARS device and user interaction (someone must open a malicious project file or attachment). The vulnerability allows reading sensitive data from the system once the file is opened.
Prerequisites
  • Local access to the DMARS device
  • Social engineering to get a user to open a malicious project file or attachment
  • User interaction (file opening required)
Local access required (lower risk than remote)User interaction requiredInformation disclosure only (no direct system compromise)No patch available from vendor
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
ProductAffected VersionsFix Status
DMARS: All< 2.1.10.242.1.10.24+
Remediation & Mitigation
0/5
Do now
0/1
WORKAROUNDOnly use DMARS project files from trusted sources; do not open unsolicited email attachments or click links in emails
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate DMARS to version 2.1.10.24 or later by contacting Delta Electronics Field Application Engineer (FAE) or solution center
Long-term hardening
0/3
HARDENINGIsolate DMARS and all control system networks behind firewalls and away from the Internet and business network
HARDENINGNever connect DMARS programming software to networks other than the intended control system network
HARDENINGUse secure remote access methods such as VPNs if remote access to DMARS is required
View full CISA ICS-CERT advisory
API: /api/v1/advisories/ab007d69-a929-4b0b-a1f3-7d879a1694d6

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Delta Electronics DMARS | CVSS 5.5 - OTPulse