A new bug has been reported in a Delta ICS controller that oversees HVAC, lighting, sensor, alarm and similar systems. The vulnerability could allow malicious actors on the same network to gain complete control of the operating system. The bug is a buffer overflow, i.e. a mismatch in the memory sizes used to handle incoming network data.
The researchers used broadcast traffic (launching the attack without knowing the target's location on the network) and were able to control any hardware connected to the vulnerable manager by remotely issuing commands to it.
Delta enteliBUS Manager
Delta Controls has issued a patch, which should be applied quickly.