Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Flaws in Delta OT Monitoring Product Can Allow Hackers to Hide Destructive Activities

Critical vulnerabilities in a Delta OT monitoring product can allow hackers to hide their destructive activities from the victim.

Delta InfraSuite vulnerabilities

Critical vulnerabilities in a Delta Electronics operational technology (OT) monitoring product can allow hackers to hide destructive activities from the targeted organization’s employees.

The affected product is Delta’s InfraSuite Device Master and the existence of the vulnerabilities came to light in late November, when advisories were published by the US cybersecurity agency CISA and Trend Micro’s Zero Day Initiative (ZDI), which coordinated the disclosure on behalf of researchers Piotr Bazydlo and Nguyen Dinh Hoang.

InfraSuite Device Master is described by the vendor as a data center facility monitoring software that enables real-time monitoring of critical devices, including power and cooling systems, building sensors, and industrial control systems (ICS) such as programmable logic controllers (PLCs) and power meters. 

Four types of vulnerabilities have been identified, including two that have been assigned a ‘critical severity’ rating. The critical flaws can be exploited by a remote, unauthenticated attacker to execute arbitrary code on the targeted system.

The other two security holes, rated ‘high severity’, can be exploited for remote code execution and to obtain sensitive information, such as plaintext credentials. 

ZDI’s Dustin Childs told SecurityWeek that one of the critical vulnerabilities, tracked as CVE-2023-47207, can be exploited from the internet if the system is accessible from the web. 

“A successful exploit would allow the attacker to gain administrative privileges,” Childs explained. “They would be able to take any actions an administrator would normally be able to perform.”

In a real world environment, Childs said, an attacker could exploit the vulnerabilities to compromise InfraSuite Device Master and hide potentially important alerts from the operator.

Advertisement. Scroll to continue reading.

If the attacker uses other exploits to target an OT system within the victim’s environment in an attempt to cause disruption or damage, they could also hack the Delta monitoring product to hide messages indicating a problem with the OT system. 

Childs said a perfect example of such an attack in the real world is Stuxnet, in which malware was designed to cause damage to ICS associated with centrifuges at the Natanz nuclear facility in Iran, while also attempting to hide the manipulation of centrifuge behavior. 

Delta Electronics product vulnerabilities have reportedly been targeted by malicious actors

Related: Delta Electronics Patches Serious Flaws in Industrial Networking Devices

Related: Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery 

Related: Many Critical Flaws Patched in Delta Electronics Energy Management System

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights