OTPulse

Delta Electronics DIAScreen

Plan: Patch
CVSS: 7.8
ICS-CERT: ICSA-23-033-01
Date: Feb 2, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

DIAScreen contains buffer overflow vulnerabilities in input handling that could allow local code execution if a user opens a specially crafted file. The vulnerabilities are triggered through user interaction and require local file system access to the workstation. No remote exploitation is possible. Affected versions are 1.2.1.23 and earlier.

What this means
What could happen
An attacker with local access to a machine running DIAScreen could execute arbitrary code, potentially gaining control of the workstation and any connected industrial devices it manages.
Who's at risk
This affects any utility or plant operator using Delta Electronics DIAScreen software for monitoring or configuring industrial devices. DIAScreen is commonly used in power generation, water treatment, and HVAC control environments where engineering staff access it from workstations.
How it could be exploited
An attacker must have local access to the DIAScreen workstation (e.g., via USB, shared network folder, or physical access) and trick a user into opening a malicious file. Once the user interacts with the crafted input, the attacker gains code execution on the workstation with the privileges of the logged-in user.
Prerequisites
  • Local file system access to the DIAScreen workstation
  • User interaction required (user must open or interact with crafted file)
  • DIAScreen version 1.2.1.23 or earlier installed
  • Buffer overflow vulnerability (CWE-121, CWE-119, CWE-787)
  • Local code execution
  • Requires user interaction
  • Low complexity attack
  • End-of-life product (no fix planned for older versions)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product   | Affected Versions | Fix Status
DIAScreen | ≤ 1.2.1.23        | 1.3.0
Remediation & Mitigation
Do now
HARDENING: Restrict local and network access to DIAScreen workstations; limit file sharing and USB access
WORKAROUND: Educate users not to open files from untrusted sources on DIAScreen systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update DIAScreen to version 1.3.0 or later
Long-term hardening
HARDENING: Implement application whitelisting on DIAScreen workstations to prevent unauthorized code execution
HARDENING: Isolate DIAScreen workstations from the business network using network segmentation or air-gapping
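To verify the hotfix above across engineering workstations, the following added example (not code from OTPulse or Delta Electronics) reads the Windows Uninstall registry keys and classifies each DIAScreen install against the affected range (≤ 1.2.1.23) and the fixed release (1.3.0) from the advisory. It assumes DIAScreen registers a DisplayName containing "DIAScreen" and a parseable DisplayVersion string; adjust the match pattern if your installer differs.

```powershell
# Added example for ICSA-23-033-01: classify local DIAScreen installs as Affected / Fixed.
# Assumption: the installer writes a DisplayName containing "DIAScreen" and a DisplayVersion
# such as "1.2.1.23" under the standard Uninstall keys (64-bit and WOW6432Node views).

$FixedVersion  = [version]'1.3.0'   # first fixed release listed in the advisory
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-DIAScreenStatus {
    # -ErrorAction SilentlyContinue: the WOW6432Node hive does not exist on 32-bit hosts
    $installs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*DIAScreen*' }

    if (-not $installs) {
        return [pscustomobject]@{
            Host = $env:COMPUTERNAME; Installed = $false; Version = $null; Status = 'NotInstalled'
        }
    }

    foreach ($app in $installs) {
        $parsed = $null
        if (-not [version]::TryParse([string]$app.DisplayVersion, [ref]$parsed)) {
            $status = 'UnknownVersion'   # cannot compare; review this host manually
        } elseif ($parsed -lt $FixedVersion) {
            $status = 'Affected'         # below 1.3.0, i.e. the 1.2.1.23-and-earlier range
        } else {
            $status = 'Fixed'
        }
        [pscustomobject]@{
            Host      = $env:COMPUTERNAME
            Installed = $true
            Version   = $app.DisplayVersion
            Status    = $status
        }
    }
}

Get-DIAScreenStatus | Format-Table -AutoSize
```

For a fleet-wide inventory, run the function body through Invoke-Command against the list of DIAScreen workstations and collect the objects centrally; any host reporting Affected or UnknownVersion belongs on the maintenance-window schedule.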