Delta Electronics DTM Soft

Plan PatchCVSS 7.8ICS-CERT ICSA-25-191-07Jul 10, 2025

Delta Electronics

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Delta Electronics DTM Soft versions 1.6.0.0 and earlier contain an unsafe deserialization vulnerability (CWE-502) that allows an attacker to encrypt files referencing the application and extract information. The vulnerability requires local access and user interaction (e.g., opening a malicious file). No remote exploitation is possible.

What this means

What could happen

An attacker with access to a workstation running DTM Soft could trick a user into opening a malicious file, leading to file encryption and data theft from the engineering environment. This could disrupt engineering workflows and compromise sensitive process configuration data.

Who's at risk

This affects Delta Electronics DTM Soft users, primarily industrial engineers and automation technicians who use the application for configuring and managing Delta automation devices and systems. Engineering workstations and development environments are at risk.

How it could be exploited

An attacker creates a malicious file (likely a serialized object or DTM Soft project file) and sends it to an engineer. When the engineer opens the file in DTM Soft, the unsafe deserialization flaw allows the attacker's code to run, encrypting files on the workstation and exfiltrating data. Exploitation requires social engineering and user interaction; remote exploitation is not possible.

Prerequisites

Local or administrative access to the engineering workstation running DTM Soft version 1.6.0.0 or earlier
User interaction: engineer must open a malicious file in DTM Soft
Unsafe deserialization enabled in the application (default configuration)

Unsafe deserialization (CWE-502)Requires user interaction (social engineering vector)Local access only (not remotely exploitable)Affects confidentiality and integrity (data encryption and theft)Default credentials or configuration not involved

Exploitability

Some exploitation risk — EPSS score 2.0%

Affected products (1)

ProductAffected VersionsFix Status

DTM Soft: <=1.6.0.0≤ 1.6.0.0Latest version available on Delta Electronics Download Center

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGTrain engineers to avoid opening unsolicited files or files from untrusted sources in DTM Soft

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate DTM Soft to the latest version available on the Delta Electronics Download Center

Long-term hardening

0/2

HARDENINGRestrict DTM Soft workstations behind a firewall and isolate them from business networks when possible

HARDENINGImplement email security controls to block or flag suspicious attachments that could contain malicious DTM Soft files

CVEs (1)

CVE-2025-53415

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/29c5c6fd-69b2-4085-9410-96ebf6077886

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.