You are here

Delta Electronics Delta Industrial Automation TPEditor (UPDATE A) (ICSA-18-137-04) – Product Used in the Energy Sector

Delta Electronics Delta Industrial Automation TPEditor (UPDATE A) (ICSA-18-137-04) – Product Used in the Energy Sector

Created: Thursday, June 7, 2018 - 15:28
Categories:
Cybersecurity

June 7, 2018

The NCCIC has updated this advisory with additional details on mitigating measures. NCCIC/ICS-CERT.

May 17, 2018

The NCCIC has released an advisory on a heap-based buffer overflow vulnerability in Delta Electronics Delta Industrial Automation TPEditor. Version 1.89 and prior are affected. Successful exploitation of this vulnerability could crash the accessed device, resulting in a buffer overflow condition that may allow remote code execution. Until Delta Electronics releases a new version of TPEditor, the company suggests that affected users should restrict the interaction with the application to trusted files. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.