PatchSiren cyber security CVE debrief
CVE-2024-12836 Delta Electronics CVE debrief
Delta Electronics DRASimuCAD contains a type confusion vulnerability: when the program opens a file, a specially crafted file can supply data of an unexpected type. This vulnerability affects DRASimuCAD versions 1.02.00.00 and earlier. The issue was disclosed by CISA on January 9, 2025, with an update published on January 16, 2025, indicating that a vendor patch became available. The vulnerability requires local access and user interaction to exploit, but successful exploitation can result in high impacts to confidentiality, integrity, and availability.
- Vendor: Delta Electronics
- Product: DRASimuCAD
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-01-09
- Original CVE updated: 2025-01-16
- Advisory published: 2025-01-09
- Advisory updated: 2025-01-16
Who should care
Organizations using Delta Electronics DRASimuCAD for industrial robot simulation and programming, particularly in manufacturing and automation environments where engineering workstations may exchange project files.
Technical summary
Delta Electronics DRASimuCAD fails to properly validate data types when opening files, accepting data of incorrect types from specially crafted files. This type confusion weakness can lead to memory corruption and arbitrary code execution. The vulnerability is exploitable locally with user interaction required (opening a malicious file). The CVSS 3.1 score of 7.8 reflects high impacts across confidentiality, integrity, and availability dimensions. A patch was released by Delta Electronics on January 16, 2025 to address this vulnerability.
Defensive priority
HIGH
Recommended defensive actions
- Apply the vendor patch released January 16, 2025, from the Delta Download Center. The patch requires the original DRASimuCAD v1.02.00.00 to be installed first.
- Train users not to open untrusted files or click unsolicited email attachments.
- Isolate engineering workstations from business networks and the internet.
- Place DRASimuCAD systems behind firewalls with restricted network access.
- Use a VPN for any required remote access to affected systems.
- Review the Delta product cybersecurity advisory for additional vendor guidance.
Evidence notes
CISA published advisory ICSA-25-010-03 on January 9, 2025, with Update A on January 16, 2025, confirming patch availability. The advisory identifies the affected product as Delta Electronics DRASimuCAD version 1.02.00.00 and earlier. The CVSS 3.1 vector confirms a local attack vector with required user interaction.
Official resources
- CVE-2024-12836 CVE record (CVE.org)
- CVE-2024-12836 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-01-09