Post

Critical Vulnerability in Delta Electronics DTM Soft

Posted
By ictsec.pl
1 min read
Critical Vulnerability in Delta Electronics DTM Soft

Critical Vulnerability in Delta Electronics DTM Soft

A critical vulnerability, CVE-2026-12578, has been identified in Delta Electronics DTM Soft, impacting all versions of DTMSoft. 🚨 Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. This vulnerability is categorized under CWE-502 Deserialization of Untrusted Data. Delta Electronics DTM Soft is deployed worldwide across Critical Manufacturing sectors.

Delta Electronics is aware of the vulnerability and is currently working on a fix. In the interim, Delta Electronics recommends users apply specific workarounds:

  • Do not open unsolicited project files.
  • Avoid untrusted Internet links.
  • Do not open unexpected attachments from emails, network shares, or USB drives.

It is crucial to always verify the source of the file before opening it. Additionally, users should avoid running the software as an administrator. Running the software with standard user privileges effectively limits the damage of potential malicious code.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Control system networks and remote devices should be located behind firewalls and isolated from business networks.
  • When remote access is required, use more secure methods such as Virtual Private Networks (VPNs).

CISA also reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures and encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Furthermore, CISA recommends users protect themselves from social engineering attacks by not clicking web links or opening attachments in unsolicited email messages. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time, and this vulnerability is not exploitable remotely.

To read the complete article see: Read full article

CYBERSECURITY
DELTA ELECTRONICS VULNERABILITY CYBERSECURITY CISA
This post is licensed under CC BY 4.0 by the author.