Connect with us

Hi, what are you looking for?



Flaws in Delta OT Monitoring Product Can Allow Hackers to Hide Destructive Activities

Critical vulnerabilities in a Delta OT monitoring product can allow hackers to hide their destructive activities from the victim.

Delta InfraSuite vulnerabilities

Critical vulnerabilities in a Delta Electronics operational technology (OT) monitoring product can allow hackers to hide destructive activities from the targeted organization’s employees.

The affected product is Delta’s InfraSuite Device Master and the existence of the vulnerabilities came to light in late November, when advisories were published by the US cybersecurity agency CISA and Trend Micro’s Zero Day Initiative (ZDI), which coordinated the disclosure on behalf of researchers Piotr Bazydlo and Nguyen Dinh Hoang.

InfraSuite Device Master is described by the vendor as a data center facility monitoring software that enables real-time monitoring of critical devices, including power and cooling systems, building sensors, and industrial control systems (ICS) such as programmable logic controllers (PLCs) and power meters. 

Four types of vulnerabilities have been identified, including two that have been assigned a ‘critical severity’ rating. The critical flaws can be exploited by a remote, unauthenticated attacker to execute arbitrary code on the targeted system.

The other two security holes, rated ‘high severity’, can be exploited for remote code execution and to obtain sensitive information, such as plaintext credentials. 

ZDI’s Dustin Childs told SecurityWeek that one of the critical vulnerabilities, tracked as CVE-2023-47207, can be exploited from the internet if the system is accessible from the web. 

“A successful exploit would allow the attacker to gain administrative privileges,” Childs explained. “They would be able to take any actions an administrator would normally be able to perform.”

In a real world environment, Childs said, an attacker could exploit the vulnerabilities to compromise InfraSuite Device Master and hide potentially important alerts from the operator.

Advertisement. Scroll to continue reading.

If the attacker uses other exploits to target an OT system within the victim’s environment in an attempt to cause disruption or damage, they could also hack the Delta monitoring product to hide messages indicating a problem with the OT system. 

Childs said a perfect example of such an attack in the real world is Stuxnet, in which malware was designed to cause damage to ICS associated with centrifuges at the Natanz nuclear facility in Iran, while also attempting to hide the manipulation of centrifuge behavior. 

Delta Electronics product vulnerabilities have reportedly been targeted by malicious actors

Related: Delta Electronics Patches Serious Flaws in Industrial Networking Devices

Related: Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery 

Related: Many Critical Flaws Patched in Delta Electronics Energy Management System

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.


Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...


Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...