Delta Electronics EIP Builder
Severity score: 5.5 · Source: ICS-CERT ICSA-25-245-01 · Published: Sep 2, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Delta Electronics EIP Builder contains an XML External Entity (XXE) injection vulnerability (CWE-611) in versions 1.11 and earlier. Successful exploitation could allow an attacker to process dangerous external entities, potentially disclosing sensitive information through XXE attacks.
What this means
What could happen
An attacker with local access to a workstation running EIP Builder could read sensitive files from the system, such as configuration files or project data containing network information or credentials, by exploiting XXE when opening a malicious XML file.
Who's at risk
Engineering and automation teams that use Delta Electronics EIP Builder for control system configuration and project development. This affects design and engineering workstations used to build and modify PLC and industrial control system programs.
How it could be exploited
An attacker crafts a malicious XML file with external entity definitions and distributes it via email or web link. A user with EIP Builder installed opens the file, triggering the XXE vulnerability. The application processes the external entity and returns sensitive file contents (such as /etc/passwd on Linux or local config files) to the attacker, or writes files to disk if XXE is blind.
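How an application that loads XML project files can close off this class of bug, as an added example that is not Delta's code: a small Python wrapper (stdlib only, the function names and the sample documents are constructed for illustration) that aborts at the first DOCTYPE or entity declaration, before any external entity could be resolved, and only then hands the bytes to the real parser.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class UnsafeXml(ValueError):
    """Raised when a document declares a DTD, the vehicle for XXE entities."""


def _reject_dtd(data: bytes) -> None:
    """Pre-scan with expat and abort at the first DOCTYPE or entity declaration.

    Expat reports these events before it resolves any entity, so the scan
    itself never reads a file or opens a connection.
    """
    parser = expat.ParserCreate()

    def reject(*_args):
        raise UnsafeXml("document declares a DTD or entity; refusing to parse")

    parser.StartDoctypeDeclHandler = reject    # <!DOCTYPE ...>
    parser.EntityDeclHandler = reject          # <!ENTITY ...> in an internal subset
    parser.ExternalEntityRefHandler = reject   # a reference that would trigger a fetch
    parser.Parse(data, True)


def is_safe_project_xml(data: bytes) -> bool:
    """True when the document is well-formed and carries no DTD, else False."""
    try:
        _reject_dtd(data)
    except (UnsafeXml, expat.ExpatError):
        return False
    return True


def load_project_xml(data: bytes) -> ET.Element:
    """Parse a project file only after the DTD pre-scan has passed."""
    _reject_dtd(data)
    return ET.fromstring(data)


# Constructed samples (not real EIP Builder project files): a benign document and
# one declaring an external entity that points at a harmless placeholder path.
BENIGN_XML = b'<?xml version="1.0"?><project name="cell-3"><device ip="192.0.2.10"/></project>'
XXE_XML = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE project [<!ENTITY ext SYSTEM "file:///dev/null">]>'
           b'<project name="&ext;"/>')

if __name__ == "__main__":
    print("benign accepted:", is_safe_project_xml(BENIGN_XML))  # True
    print("xxe accepted:", is_safe_project_xml(XXE_XML))        # False
```

Rejecting every DTD is the same policy defusedxml applies with forbid_dtd=True; it is stricter than needed for files that never legitimately use entities, which is the usual case for machine-written project files.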
Prerequisites
- User must open a malicious XML file in EIP Builder
- Attacker must have the ability to deliver the malicious file via email or web link (social engineering)
- EIP Builder version 1.11 or earlier must be installed on an engineering workstation
- Local exploitation only (not remotely exploitable)
- Requires user interaction (opening a malicious file)
- Low attack complexity
- Affects information confidentiality (disclosure of configuration and credential data)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product: EIP Builder
Affected Versions: ≤ 1.11
Fix Status: fixed in 1.12
Remediation & Mitigation
Do now
WORKAROUND: Do not click on untrusted Internet links or open unsolicited email attachments
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update EIP Builder to version 1.12 or later
Long-term hardening
HARDENING: Implement email filtering to block suspicious attachments containing XML or document files from external sources
HARDENING: Isolate engineering workstations running EIP Builder from the business network and Internet
CVEs (1)