OTPulse

Delta Electronics DMARS

Monitor · CVSS 5.5 · ICS-CERT ICSA-22-104-01 · Apr 14, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Delta Electronics DMARS contains an XML external entity (XXE) vulnerability (CWE-611) in versions before 2.1.10.24 that allows local attackers to read sensitive information such as project files or configuration data. The vulnerability requires user interaction—an attacker must trick a user into opening a malicious DMARS project file or attachment. This could expose credentials, setpoints, logic configuration, or other sensitive system data that could be used in follow-up attacks. No public exploits exist, and the vulnerability is not remotely exploitable.

What this means
What could happen
An attacker with local access to a DMARS system could read sensitive information such as project files or configuration details. This could enable further attacks or unauthorized modifications to your system.
Who's at risk
Delta Electronics DMARS users, particularly in manufacturing automation and process control environments. This affects any organization using DMARS for control logic, parameter management, or system configuration where sensitive project files or credentials are stored.
How it could be exploited
An attacker needs local access to the DMARS device and user interaction (someone must open a malicious project file or attachment). The vulnerability allows reading sensitive data from the system once the file is opened.
Prerequisites
  • Local access to the DMARS device
  • Social engineering to get a user to open a malicious project file or attachment
  • User interaction (file opening required)
  • Local access required (lower risk than remote)
  • User interaction required
  • Information disclosure only (no direct system compromise)
  • No patch available from vendor
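The exploitation path above is a project file whose DOCTYPE declares an external entity that the XML parser then resolves. The following is an added example, not Delta Electronics code or any DMARS API: a Python pre-flight check, using only the standard library's expat bindings, that flags external DTD subsets, external entity declarations and external entity references in an XML file without resolving any of them, so a file can be screened before a user opens it. The DMARS project-file schema is not public here, so the two sample documents are constructed.

```python
import xml.parsers.expat

def scan_project_xml(data: bytes) -> list[str]:
    """Return XXE-relevant findings for one XML document (empty list = clean).
    expat only *records* external DTD subsets, external entity declarations and
    external entity references; resolution is refused, so nothing is read from
    disk or the network while a file is being checked."""
    findings: list[str] = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # An external DTD subset is another place external entities can be declared.
        if system_id or public_id:
            findings.append(f"external DTD subset for {name}: {system_id or public_id}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a value; external ones carry a SYSTEM/PUBLIC id.
        if system_id is not None or public_id is not None:
            kind = "parameter" if is_param else "general"
            findings.append(f"external {kind} entity '{name}' -> {system_id or public_id}")

    def on_external_ref(context, base, system_id, public_id):
        findings.append(f"reference to external entity {system_id or public_id}")
        return 0  # refuse resolution; expat aborts the parse with ExpatError

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        if not findings:  # an unrelated parse error is still a reason not to open it
            findings.append(f"malformed XML: {exc}")
    return findings

def safe_to_open(data: bytes) -> bool:
    """Gate for a file-open workflow: True only when no XXE-relevant construct was found."""
    return not scan_project_xml(data)

# Constructed sample inputs (not real DMARS project files; the real schema is assumed).
BENIGN = b"""<?xml version="1.0"?>
<Project name="line1"><Device id="1"><Setpoint>42</Setpoint></Device></Project>"""
XXE_SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE Project [ <!ENTITY ext SYSTEM "file:///placeholder/local-file"> ]>
<Project name="line1"><Device id="1"><Setpoint>&ext;</Setpoint></Device></Project>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE_SAMPLE)):
        print(label, "OK" if safe_to_open(doc) else scan_project_xml(doc))
```

A tool-side fix for an XXE bug is to disable DTD processing and external entity resolution in the parser itself; this check is a compensating control for the period before the 2.1.10.24 update is deployed.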
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product        Affected Versions   Fix Status
DMARS: All     < 2.1.10.24         2.1.10.24 or later
Remediation & Mitigation
Do now
WORKAROUND: Only use DMARS project files from trusted sources; do not open unsolicited email attachments or click links in emails.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update DMARS to version 2.1.10.24 or later by contacting a Delta Electronics Field Application Engineer (FAE) or solution center.
Long-term hardening
HARDENING: Isolate DMARS and all control system networks behind firewalls and away from the Internet and business network.
HARDENING: Never connect DMARS programming software to networks other than the intended control system network.
HARDENING: Use secure remote access methods such as VPNs if remote access to DMARS is required.