Delta Electronics EIP Builder
Monitor | CVSS 5.5 | ICS-CERT ICSA-25-245-01 | Sep 2, 2025
Delta Electronics
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Delta Electronics EIP Builder versions 1.11 and earlier contain an unsafe external entity (XXE) processing vulnerability that could allow disclosure of sensitive information if a user opens a malicious file in the application.
What this means
What could happen
An attacker with local access to a machine running EIP Builder could trick a user into opening a malicious file, potentially exposing sensitive configuration data or project information stored on that machine.
Who's at risk
Organizations using Delta Electronics EIP Builder for industrial process design and configuration should prioritize this update. EIP Builder is used by system integrators, maintenance teams, and process engineers who develop and manage control logic for Delta industrial equipment. The vulnerability affects engineering workstations and office machines where EIP Builder projects are edited.
How it could be exploited
An attacker crafts a malicious XML file (or similar document) that exploits unsafe external entity processing. If a user opens this file in EIP Builder, the application processes the dangerous external entity and may disclose sensitive information from the system where EIP Builder is running, such as configuration files or project data.
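A defensive check for the file pattern described above, as an added example (not from the advisory or from Delta Electronics): it lists DOCTYPE and entity declarations that point at external resources, without resolving them. It assumes the file to be screened is XML; the advisory does not specify EIP Builder's project file format, and the sample documents are constructed.

```python
import sys
from xml.parsers import expat

def scan_xml(data: bytes) -> list[str]:
    """Return XXE-related DTD findings for one document (empty list = none)."""
    findings: list[str] = []
    parser = expat.ParserCreate()
    # No ExternalEntityRefHandler is installed, so expat only reports
    # declarations and never fetches what they point at.

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            findings.append(f"external DTD on DOCTYPE {name}: {system_id or public_id}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id or public_id:
            findings.append(f"external entity {name}: {system_id or public_id}")
        elif is_param:
            findings.append(f"parameter entity {name}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        # Not parseable as XML: report it so the file gets a manual look.
        findings.append(f"not well-formed XML: {exc}")
    return findings

# Constructed samples (not real EIP Builder project files).
CLEAN = b'<?xml version="1.0"?><project><name>line1</name></project>'
FLAGGED = b'''<?xml version="1.0"?>
<!DOCTYPE project [
  <!ENTITY ext SYSTEM "file:///placeholder/example.txt">
]>
<project><name>&ext;</name></project>'''
EXTERNAL_DTD = b'<!DOCTYPE project SYSTEM "http://placeholder.invalid/p.dtd"><project/>'

if __name__ == "__main__":
    flagged = 0
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for finding in scan_xml(fh.read()):
                flagged += 1
                print(f"{path}: {finding}")
    sys.exit(1 if flagged else 0)
```

Run it with one or more file paths as arguments; a non-zero exit status means at least one file produced a finding.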
Prerequisites
- User interaction required: a user must open a malicious file in EIP Builder
- Local or network access to the machine where EIP Builder is running
- EIP Builder version 1.11 or earlier
User interaction required | Affects engineering/design tools | Information disclosure risk
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
EIP Builder: <=1.11 | ≤ 1.11 | 1.12
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update EIP Builder to version 1.12 or later
CVEs (1)