Delta Electronics DIAScreen
Plan: Patch | CVSS 7.8 | ICS-CERT ICSA-23-264-03 | Sep 21, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
DIAScreen versions below 1.3.2 are affected by a buffer overflow vulnerability (CWE-787) that can allow code execution. The vulnerability requires local access to the DIAScreen workstation and user interaction, such as opening a malicious file or clicking a crafted link. No remote exploitation path exists.
What this means
What could happen
An attacker with local access to a machine running DIAScreen could execute arbitrary code, potentially allowing them to modify engineering configurations, process setpoints, or plant data that DIAScreen manages.
Who's at risk
Engineering and operations staff at utilities and manufacturers who use DIAScreen for power distribution automation configuration and monitoring, and anyone responsible for managing Delta Electronics DIAStudio automation systems.
How it could be exploited
An attacker must trick a user into opening a malicious file or clicking a link while logged into the machine running DIAScreen. The vulnerability is then triggered by user interaction with that crafted content, allowing code execution in the context of the DIAScreen application.
Prerequisites
- Local access to the DIAScreen workstation
- User interaction required (user must open a file, click a link, or accept a prompt)
- DIAScreen version below 1.3.2 installed and running
Tags: Requires user interaction · Local access only · Affects engineering workstations · Social engineering vector
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product: DIAScreen
Affected Versions: < 1.3.2
Fix Status: fixed in 1.3.2
Remediation & Mitigation
Do now
- HARDENING: Educate users not to click unsolicited links or open attachments in email messages
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update DIAScreen to version 1.3.2 or later
Long-term hardening
- HARDENING: Restrict who can log in to engineering workstations and store DIAScreen files only in controlled directories
CVEs (1)