Hacking into manufacturing plant security with Delta Automation DOPSoft flaw

Web application penetration testing specialists reported the finding of two critical vulnerabilities in the Industrial Automation DOPSoft system of technology company Delta Electronics. According to the report, the successful exploitation of these flaws could lead to a total compromise of the affected system, as threat actors would gain the ability to read or modify system information, execute arbitrary code, and even shut down the application.

DPOSoft is a human-machine interface (HMI) editing software widely used in critical industrial environments around the world. According to the report, the following system versions are affected by the flaws:

  • DOPSoft v4.00.08.15 and all previous versions

The vulnerability was reported by web security specialist Natnael Samson, in collaboration with Trend Micro’s Zero Day Initiative.

Below is a brief description of the flaws, in addition to their identification keys and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-10597: In this attack, it is possible to exploit multiple out-of-bounds read vulnerabilities by processing specially designed files, allowing threat actors to access information or block THE DOPSoft software. The flaw received a score of 4.4/10, so it is considered an average severity error.

CVE-2020-14482: When opening a specially crafted project file, hackers can generate a heap overflow, triggering remote code execution, disclosure of potentially sensitive information or even generating a target software crash. The vulnerability received a score of 7.8/10, making it a high severity flaw.

In response, manufacturers plan to release version 4.00.08.17 (and later). The release of the fixes could take until mid-July, web security experts mention. In turn, Delta Electronics recommends that affected users restrict the interaction of this system with sensitive files until updates become available.

While updates are released, users can take some steps to mitigate the risk of exploitation, such as:

  • Minimize network exposure for all devices or systems
  • Identify the control system networks and remote devices behind firewalls and isolate them from the enterprise network
  • When remote access is required, use secure methods, such as virtual private networks (VPNs). Always remember to keep your VPN solution up to date

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.