Delta Electronics DTM Soft

Plan Patch7.8ICS-CERT ICSA-25-191-07Jul 10, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Delta Electronics DTM Soft versions 1.6.0.0 and earlier contain an unsafe deserialization vulnerability (CWE-502) that allows local attackers to execute arbitrary code on engineering workstations. The vulnerability is triggered when a user opens or processes a malicious file. Successful exploitation could lead to encryption of files for ransom or data theft from project files and system configurations. The vulnerability is not remotely exploitable and requires local file access and user interaction. Delta has released a patched version on their Download Center.

What this means

What could happen

An attacker with local access to a machine running DTM Soft can exploit an unsafe deserialization flaw to run arbitrary code, potentially encrypting files and extracting sensitive data from the engineering workstation.

Who's at risk

Engineering and IT personnel who use Delta Electronics DTM Soft for industrial automation and process control system configuration are affected. This includes staff at water utilities, electric utilities, manufacturing facilities, and other critical infrastructure operators who rely on Delta's control system software for PLC programming, monitoring, and engineering workflows.

How it could be exploited

An attacker must trick a user into opening a malicious file or interacting with crafted input on a system running DTM Soft. The vulnerability is in how the application deserializes untrusted data, allowing the attacker to execute arbitrary code with the privileges of the user running the application. From there, the attacker can encrypt files or steal configuration and project data.

Prerequisites

Local file access or ability to deliver a malicious file to the workstation
User interaction required (user must open or process the malicious file)
DTM Soft version 1.6.0.0 or earlier must be installed

Low complexity attackUser interaction requiredAffects engineering workstations and design systemsNo patch available for current versionsUnsafe deserialization vulnerability

Exploitability

Moderate exploit probability (EPSS 1.1%)

Affected products (1)

ProductAffected VersionsFix Status

DTM Soft: <=1.6.0.0≤ 1.6.0.0Latest version available on Delta Electronics Download Center

Remediation & Mitigation

0/6

Do now

0/2

WORKAROUNDDisable unnecessary file sharing and email features on engineering workstations running DTM Soft

HARDENINGBlock external email attachments and warn users not to click links in unsolicited emails

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate DTM Soft to the latest version available on Delta Electronics Download Center

Long-term hardening

0/3

HARDENINGRestrict DTM Soft installations to isolated engineering workstations with limited file-sharing and email access

HARDENINGImplement endpoint protection (antivirus/EDR) on engineering workstations to detect ransomware behavior

HARDENINGSegment engineering workstations from the business network using firewalls and VLANs

CVEs (1)

CVE-2025-53415

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/29c5c6fd-69b2-4085-9410-96ebf6077886