Delta Electronics DRASimuCAD (Update A)

Plan Patch7.8ICS-CERT ICSA-25-010-03Jan 9, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Delta Electronics DRASimuCAD v1.02.00.00 and earlier contains two vulnerabilities: an improper type casting flaw (CWE-843) and a buffer operation vulnerability (CWE-787). Successful exploitation could crash the application or allow code execution on a local system where DRASimuCAD is running. The vulnerabilities require user interaction, such as opening a malicious file or clicking a link, and cannot be exploited remotely. Delta has released a patch via the Delta Download Center.

What this means

What could happen

An attacker with local access to a system running DRASimuCAD could crash the application or execute arbitrary code, potentially disrupting SCADA simulation and engineering activities at your utility.

Who's at risk

This affects utilities and industrial sites that use Delta Electronics DRASimuCAD for SCADA simulation and engineering. Primary concern is engineering workstations used by control system engineers and operators to design and test process logic and alarms before deployment to live systems.

How it could be exploited

An attacker would need to interact with the DRASimuCAD application locally (e.g., by tricking an engineer into opening a malicious file or clicking a malicious link while using the system). The vulnerability involves improper type casting and buffer operations that could allow code execution on the engineering workstation running the software.

Prerequisites

Local access to a workstation running DRASimuCAD v1.02.00.00 or earlier
User interaction required (e.g., opening a file or clicking a link)
No credentials or special system configuration needed

local exploitation onlyuser interaction requiredaffects engineering workstations

Exploitability

Low exploit probability (EPSS 0.7%)

Affected products (1)

ProductAffected VersionsFix Status

DRASimuCAD: <=1.02.00.00≤ 1.02.00.001.02.00.00 with patch

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDDo not click on untrusted Internet links or open unsolicited email attachments on engineering workstations running DRASimuCAD.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXInstall the Delta DRASimuCAD patch released on the Delta Download Center. Ensure you have v1.02.00.00 installed first, then apply the patch.

Long-term hardening

0/2

HARDENINGIsolate DRASimuCAD workstations from the Internet and place them behind a firewall. Restrict network connectivity to control room and engineering networks only.

HARDENINGIf remote access to engineering workstations is required, use a secure access method such as a VPN with multi-factor authentication.

CVEs (3)

CVE-2024-12834 CVE-2024-12835 CVE-2024-12836

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/45d3abcf-7595-4e38-8531-2642e4cf8dae