Delta Electronics CNCSoft-B DOPSoft

Monitor7.8ICS-CERT ICSA-24-053-01Feb 22, 2024

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

DOPSoft (the engineering software for Delta CNCSoft-B controllers) versions before v4.0.0.82 contain a vulnerability (CWE-427, Uncontrolled Search Path Element) that allows arbitrary code execution when a user opens a malicious file. Successful exploitation could allow an attacker to run commands on the engineering workstation with user privileges, potentially compromising control system projects, credentials, and network access. Delta recommends upgrading to CNCSoft-B v1.0.0.4 with DOPSoft v4.0.0.94.

What this means

What could happen

An attacker could execute arbitrary code on the engineering workstation running DOPSoft, potentially gaining access to plant control software and network credentials used to manage Delta industrial devices.

Who's at risk

This vulnerability affects engineers and technicians using Delta Electronics DOPSoft to program and maintain Delta industrial controllers (PLCs, HMIs, motion controllers). It impacts any organization with Delta automation infrastructure that uses DOPSoft for control system engineering and configuration—particularly water utilities, electrical utilities, and manufacturing facilities.

How it could be exploited

An attacker delivers a malicious file (likely via email or compromised website) to an engineering workstation user. When the user opens or processes the file in DOPSoft, the vulnerability is triggered, allowing arbitrary code execution with the privileges of the logged-in user.

Prerequisites

DOPSoft versions before v4.0.0.82 installed on an engineering workstation
User interaction required: the user must open or import a malicious file into DOPSoft
User is logged into the workstation

Local/user-interaction attack vectorLow complexity exploitationAffects engineering workstations with access to control system credentialsNo patch available for older versions

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

CNCSoft-B v1.0.0.4 DOPSoft: <v4.0.0.82<v4.0.0.82No fix yet

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGIsolate engineering workstations running DOPSoft from business networks and the internet using firewalls or network segmentation

WORKAROUNDRestrict access to DOPSoft files and project import functions to authorized engineering personnel only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade CNCSoft-B to v1.0.0.4 with DOPSoft v4.0.0.94 or later

Long-term hardening

0/2

HARDENINGImplement VPN with current security patches for any required remote access to engineering workstations

HARDENINGTrain users to avoid opening unsolicited email attachments or clicking web links that could deliver malicious files

CVEs (1)

CVE-2024-1595

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8fffd1a9-1a86-43d4-a3d7-5933285a0d40