Delta Electronics DTM Soft

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-24-354-03 | Dec 19, 2024
Delta Electronics
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Delta Electronics DTM Soft versions 1.30 and earlier contain a deserialization vulnerability (CWE-502) that allows arbitrary code execution through local or adjacent network access. The vulnerability requires user interaction, such as opening a malicious file or project. Successful exploitation grants the attacker code execution at the privilege level of the user running DTM Soft. This vulnerability is not remotely exploitable and no public exploitation has been reported.

What this means
What could happen
An attacker with local access to a machine running DTM Soft could execute arbitrary code with the same permissions as the user, potentially compromising the engineering workstation and any process configurations it manages.
Who's at risk
Delta Electronics DTM Soft users managing programmable logic controllers (PLCs) and industrial automation equipment. This primarily affects engineers and operators using the DTM Soft engineering workstation for configuring and managing Delta PLC-based systems in manufacturing, water/wastewater, power, and other critical infrastructure sectors.
How it could be exploited
An attacker must have physical or local network access to a machine running DTM Soft. The vulnerability is triggered through user interaction (likely opening a malicious file or project). Once exploited, the attacker gains code execution within the DTM Soft application context, which could allow them to read, modify, or exfiltrate process configurations and parameters.
Prerequisites
  • Local or adjacent network access to the machine running DTM Soft
  • User interaction required (likely opening a malicious file, project, or document)
  • DTM Soft version 1.30 or earlier must be installed
  • Arbitrary code execution on engineering workstation
  • User interaction required to trigger
  • Affects OT engineering environment
  • No public exploit available yet
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
DTM Soft: <=1.30 | ≤ 1.30 | 1.60
Remediation & Mitigation
Do now
HARDENING: Restrict local access to engineering workstations running DTM Soft—limit physical console access and configure host firewall rules to block unnecessary inbound connections
HARDENING: Educate users not to open DTM Soft project files, backups, or attachments from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update DTM Soft to version 1.60 or later
Long-term hardening
HARDENING: Isolate DTM Soft engineering workstations from the business network using a dedicated engineering network segment with restricted routing to production control systems