PatchSiren cyber security CVE debrief
CVE-2024-47131 Delta Electronics CVE debrief
A stack-based buffer overflow vulnerability in Delta Electronics DIAScreen's BACnetObjectInfo function allows remote code execution when a user opens a maliciously crafted file. The vulnerability requires user interaction—an attacker must trick a valid user into running the application with a malicious file. Successful exploitation grants the attacker arbitrary code execution with the privileges of the user running DIAScreen. CISA published this advisory on November 7, 2024, with a CVSS 3.1 score of 7.8 (HIGH). The attack vector is local, requiring low attack complexity and no privileges, but does require user interaction.
- Vendor
- Delta Electronics
- Product
- DIAScreen
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-11-07
- Original CVE updated
- 2024-11-07
- Advisory published
- 2024-11-07
- Advisory updated
- 2024-11-07
Who should care
Organizations using Delta Electronics DIAScreen for HMI/SCADA development in industrial control systems, particularly in critical infrastructure sectors. Security teams responsible for OT/ICS asset management, patch management programs covering industrial software, and incident response teams supporting manufacturing or process control environments.
Technical summary
CVE-2024-47131 is a stack-based buffer overflow in the BACnetObjectInfo function of Delta Electronics DIAScreen, an HMI/SCADA development software used in industrial automation. The vulnerability is triggered when parsing malicious file content, leading to memory corruption that can be exploited for arbitrary code execution. The attack requires social engineering to convince a user to open a crafted file with DIAScreen. The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability, though the local attack vector and required user interaction reduce exploitability compared to network-facing vulnerabilities. This vulnerability class is particularly dangerous in OT environments where DIAScreen is used to develop operator interfaces for critical infrastructure systems.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to Delta Electronics DIAScreen v1.5.0 or later to remediate this vulnerability.
- Apply principle of least privilege to DIAScreen users to limit impact of potential exploitation.
- Implement application whitelisting to prevent execution of unauthorized or modified DIAScreen binaries.
- Train users to recognize and avoid opening untrusted files, particularly those received via email or downloaded from untrusted sources.
- Consider network segmentation for systems running DIAScreen to limit lateral movement in case of compromise.
- Monitor for anomalous DIAScreen process behavior, particularly unexpected network connections or child process creation.
Evidence notes
CISA CSAF advisory ICSA-24-312-02 published 2024-11-07 identifies Delta Electronics DIAScreen versions prior to v1.5.0 as affected. The vulnerability exists in the BACnetObjectInfo function and can be triggered via malicious file parsing. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Official resources
-
CVE-2024-47131 CVE record
CVE.org
-
CVE-2024-47131 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-11-07