OTPulse

Delta Electronics DOPSoft (Update A)

Low RiskCVSS 3.3ICS-CERT ICSA-22-244-01Sep 1, 2022
Delta Electronics
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

DOPSoft contains a buffer read vulnerability (CWE-125) that allows sensitive information to be disclosed when a malicious project file is opened. The vulnerability affects all versions of DOPSoft. Exploitation requires user interaction—an attacker must trick an engineering staff member into opening a crafted project file, likely via email or a compromised download source. This is not remotely exploitable and does not directly compromise running control systems. However, exposed information such as control logic, setpoints, or network configuration could be used in follow-up attacks against the facility's industrial systems.

What this means
What could happen
An attacker could gain access to sensitive information from DOPSoft project files, such as control logic, setpoints, or system configuration details that could be used in follow-up attacks. This vulnerability requires user interaction and does not directly impact running operations.
Who's at risk
Organizations using Delta Electronics DOPSoft for industrial automation engineering and programming. DOPSoft is used to configure and program Delta PLCs and HMI devices commonly found in manufacturing, water treatment, and power distribution facilities. Any user who opens untrusted project files is at risk of information disclosure.
How it could be exploited
An attacker must trick a user into opening a malicious DOPSoft project file (likely via email or a compromised source). The file contains a buffer read vulnerability (CWE-125) that exposes sensitive data in memory when the file is parsed. No network access is required.
Prerequisites
  • User must open a malicious DOPSoft project file from an untrusted source
  • DOPSoft must be installed and used to open the file
  • User interaction required (clicking to open or load a project)
requires user interactioninformation disclosure only (no direct operational impact)affects engineering workstationssocial engineering attack vectorno public exploits available
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
ProductAffected VersionsFix Status
DOPSoft: All versionsAll versionsv4.00.16+
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDOnly load and use DOPSoft project files from trusted sources; do not open files from untrusted email or downloads
HARDENINGTrain engineering staff on email security: do not click web links or open unsolicited attachments in email
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate DOPSoft to v4.00.16 or later
HOTFIXMigrate to DIAScreen in DIAStudio v1.1.2 or later as an alternative to DOPSoft
View full CISA ICS-CERT advisory
API: /api/v1/advisories/8b0862f5-0710-4de1-afc9-74952fe05d10

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.