CISA: Vulnerability in Delta Electronics ICS Software Exploited in Attacks

From securityweek.com

A vulnerability affecting industrial automation software from Delta Electronics appears to have been exploited in attacks, and the US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to take action as soon as possible.

CISA on Thursday added 10 security flaws to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to address them by September 15.

One of the flaws is CVE-2021-38406, a high-severity remote code execution vulnerability affecting the Delta Electronics DOPSoft 2 software, which is used for designing and programming human-machine interfaces (HMIs). The vulnerability is an out-of-bounds write issue and it can be exploited by getting the targeted user to open a specially crafted project file.
