PatchSiren cyber security CVE debrief
CVE-2024-12835 Delta Electronics CVE debrief
CVE-2024-12835 is a high-severity buffer overflow vulnerability in Delta Electronics DRASimuCAD, an industrial automation simulation software. The flaw exists in versions 1.02.00.00 and earlier, where opening a specially crafted file can force the program to write data outside its intended buffer boundary. This out-of-bounds write condition enables code execution with the privileges of the logged-in user. The vulnerability was disclosed by CISA on January 9, 2025, with an updated advisory published on January 16, 2025, confirming patch availability. The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability, with a local attack vector requiring user interaction through file opening. No evidence of active exploitation or ransomware campaign use has been documented. Delta Electronics has released a vendor patch that must be applied over the base v1.02.00.00 installation.
- Vendor
- Delta Electronics
- Product
- DRASimuCAD
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-01-09
- Original CVE updated
- 2025-01-16
- Advisory published
- 2025-01-09
- Advisory updated
- 2025-01-16
Who should care
Organizations operating Delta Electronics DRASimuCAD in industrial automation environments, including manufacturing facilities, system integrators, and engineering teams responsible for robot simulation and programming. Security teams defending OT/ICS environments with Delta Electronics equipment should prioritize this patch given the high severity and potential for code execution.
Technical summary
The vulnerability stems from improper input validation during file parsing in DRASimuCAD. When processing a maliciously crafted file, the application fails to enforce buffer boundaries, resulting in an out-of-bounds write condition. The attack requires local access with user interaction—specifically, the victim must open the malicious file. Successful exploitation grants the attacker execution capabilities within the context of the current user process. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates local attack vector, low attack complexity, no privileges required, user interaction required, and high impacts across confidentiality, integrity, and availability. The CVSS 4.0 vector confirms consistent scoring with local attack vector and active user interaction requirements.
Defensive priority
high
Recommended defensive actions
- Apply Delta Electronics vendor patch for DRASimuCAD v1.02.00.00 available through Delta Download Center
- Verify patch installation by confirming updated file versions in DRASimuCAD installation directory
- Implement application whitelisting to prevent execution of untrusted DRASimuCAD project files
- Train users to avoid opening DRASimuCAD files from untrusted sources, including email attachments and Internet downloads
- Isolate engineering workstations running DRASimuCAD from business networks and Internet exposure
- Deploy host-based intrusion detection on DRASimuCAD workstations to monitor for anomalous process behavior
Evidence notes
Vulnerability confirmed through CISA ICS advisory ICSA-25-010-03 with vendor acknowledgment. Affected product version explicitly stated as <=1.02.00.00. Patch availability confirmed in Update A revision dated 2025-01-16.
Official resources
-
CVE-2024-12835 CVE record
CVE.org
-
CVE-2024-12835 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-01-09