Delta Industrial Automation DIALink
Plan Patch | 8.1 | ICS-CERT ICSA-22-307-03 | Nov 3, 2022
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Delta DIALink contains a path traversal vulnerability in its file upload functionality (CWE-22) that allows authenticated attackers to place malicious code on the device. The vulnerability affects all versions prior to 1.5.0.0 Beta 4. Successful exploitation could allow an attacker to execute arbitrary commands on the automation device, potentially altering control logic or disrupting manufacturing processes. Delta has released only a beta version (1.5.0.0 Beta 4) as a fix; no official release is planned, and the beta is available only through Delta field application engineers.
What this means
What could happen
An attacker with valid credentials could upload malicious code to DIALink, potentially compromising manufacturing automation systems and allowing them to alter process behavior or disrupt production.
Who's at risk
Manufacturing facilities using Delta DIALink for automation and process control are affected. This includes companies with DIALink-based conveyor systems, robotic controllers, or other industrial automation logic.
How it could be exploited
An attacker with engineering credentials (or who can obtain them) connects to DIALink over the network and exploits a path traversal flaw in the file upload function to place malicious code on the device. Once installed, the code executes with the same privileges as the DIALink process, allowing modifications to automation logic.
Prerequisites
- Network access to DIALink device on port 80 or applicable service port
- Valid engineering workstation credentials or ability to obtain them
- DIALink version earlier than 1.5.0.0 Beta 4
- HTTP/file upload service must be enabled and accessible
- Remotely exploitable
- Requires valid credentials (reduces immediate risk)
- Low attack complexity
- No official vendor patch available (only beta)
- File upload vulnerability allows arbitrary code placement
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
DIALink - DIALink | < 1.5.0.0 Beta 4 | 1.5.0.0 Beta 4
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to DIALink devices using firewalls; block unnecessary inbound connections on HTTP/file transfer ports
- WORKAROUND: Disable the HTTP file upload service if not required for your manufacturing process
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update DIALink to version 1.5.0.0 Beta 4 or later (via Delta FAE or direct contact with Delta Industrial Automation)
- HARDENING: Enforce strong credentials (unique, complex passwords) for all engineering workstation accounts with access to DIALink
Long-term hardening
- HARDENING: Segment DIALink and all manufacturing control networks from business networks and the Internet
- HARDENING: Implement network monitoring and logging to detect unauthorized file upload attempts to DIALink
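One way to act on the monitoring recommendation above, as an added example (not Delta's code and not part of the advisory): a filter that flags path traversal patterns in the filenames of captured multipart upload requests. The advisory does not describe DIALink's upload request format, so the multipart layout, the field names and the sample body are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Filename parameter of a multipart Content-Disposition header.
FILENAME_RE = re.compile(r'filename="?([^";\r\n]+)"?', re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_reason(filename):
    """Return why an upload filename is suspicious, or None for a plain name."""
    name = decode_fully(filename).replace("\\", "/")
    if "\x00" in name:
        return "null byte"
    if name.startswith("/") or re.match(r"[A-Za-z]:", name):
        return "absolute path"
    if ".." in name.split("/"):
        return "parent-directory component"
    if "/" in name:
        return "directory separator"
    return None

def scan_upload(body):
    """Return [(raw_filename, reason)] for each suspicious part of a multipart body."""
    hits = []
    for line in body.splitlines():
        if line.lower().startswith("content-disposition:"):
            match = FILENAME_RE.search(line)
            reason = traversal_reason(match.group(1)) if match else None
            if reason:
                hits.append((match.group(1), reason))
    return hits

# Constructed sample body (assumed layout, not captured DIALink traffic).
SAMPLE_BODY = (
    '--b\r\nContent-Disposition: form-data; name="file"; filename="recipe.csv"\r\n\r\nx\r\n'
    '--b\r\nContent-Disposition: form-data; name="file"; filename="..\\..\\placeholder.bin"\r\n\r\nx\r\n'
    '--b\r\nContent-Disposition: form-data; name="file"; filename="%252e%252e%2fplaceholder.txt"\r\n\r\nx\r\n'
    '--b--\r\n'
)

if __name__ == "__main__":
    for raw, reason in scan_upload(SAMPLE_BODY):
        print(f"ALERT upload filename {raw!r}: {reason}")
```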
CVEs (1)