Delta Electronics DX-2100-L1-CN
Act Now · 9 · ICS-CERT ICSA-23-033-05 · Feb 2, 2023
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary
Delta Electronics DX-2100-L1-CN versions 1.5.0.10 and earlier contain command injection (CWE-78) and improper input validation (CWE-79) vulnerabilities. Successful exploitation allows an attacker with low privileges to escalate to root access, or an unauthenticated attacker to execute remote code with full system privileges. The device is used for industrial power distribution and process control. Delta has released patched firmware, version 1.5.0.12 or later.
What this means
What could happen
An attacker with low privileges could escalate to root access on the DX-2100-L1-CN, or an unauthenticated attacker could execute arbitrary code, allowing complete control of the device and any processes it manages.
Who's at risk
This affects all users of Delta Electronics DX-2100-L1-CN industrial power supplies and controllers operating on version 1.5.0.10 or earlier. This is critical for water utilities, electric utilities, and manufacturing facilities that depend on this device for power distribution, UPS backup control, or process control. Any facility where this device directly manages critical infrastructure operations is at risk.
How it could be exploited
An attacker on your network with low-level credentials (or no credentials) can send a specially crafted request to the DX-2100-L1-CN device, exploiting a command injection (CWE-78) or improper input validation (CWE-79) flaw to execute arbitrary commands with root privileges.
Prerequisites
- Network access to the DX-2100-L1-CN device on the port(s) used by the vulnerable service
- Either low-privilege credentials, or no credentials if exploiting the unauthenticated vector

- Remotely exploitable
- Low complexity attack
- Both authenticated and unauthenticated exploitation paths
- Allows complete code execution as root
- Critical CVSS 9.0
- Affects control system device
Exploitability
Moderate exploit probability (EPSS 3.2%)
Affected products (1)
Product | Affected Versions | Fix Status
DX-2100-L1-CN | 1.5.0.10 | 1.5.0.12 or later
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation to isolate DX-2100-L1-CN behind a firewall and remove Internet routing if present
- HARDENING: If remote access is required, enforce VPN-only connectivity with regular VPN client and endpoint patching
- WORKAROUND: Disable or restrict remote access to the device until firmware can be updated
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update DX-2100-L1-CN firmware to version 1.5.0.12 or later
CVEs (2)
API: /api/v1/advisories/3cc221ec-638a-4b88-9658-baec5fa0b758