ICSA-19-239-01  ·  Published 2019-08-27

Delta Controls enteliBUS Controllers

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an attacker on the same network to gain complete control of the device's operating system and allow remote code execution.

CVEs (1)

Remediations

  • Delta Controls recommends users upgrade from enteliBUS 3.40 firmware to Version 3.40 R6 build 612850. Delta Controls also states it is important buildings are updated to the 3.40 R6 release to mitigate risk. The firmware is only accessible by Delta Controls registered partners and is not available for public download. To acquire the firmware update, contact a Delta Controls distributor or Delta Controls directly.
  • Do not leave building controllers exposed to the Internet.
  • If remote connections to the network are required, use a virtual private network (VPN).
  • Secure networks using Tempered Networks products (available through Delta Controls).
  • Regularly review and validate the list of users authorized to access sites and controllers.
  • Ensure personnel with access to the system are knowledgeable about and are trained to use Delta Controls products and networks.
  • Follow security industry recommended practices for securing sites.
  • For more information on the vulnerability and more detailed mitigation instructions, please see Delta Controls Security Bulletin “SecB0001: enteliBUS 3.40 Controllers Remote Code Execution Vulnerability.” (Login required; only accessible by Delta Controls registered partners and not available for public download.)

Affected Vendors

Delta Controls

Affected Products (3)

Delta Controls · enteliBUS Controller (eBCON) firmware <= 3.40 R5 build 571848
Delta Controls · enteliBUS Manager Touch (eBMGR-TCH) firmware <= 3.40 R5 build 571848
Delta Controls · enteliBUS Manager firmware <= 3.40 R5 build 571848
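
The affected-product list and the upgrade recommendation above can be turned into an inventory check. The following is an added example, not part of the advisory or any Delta Controls tooling; the CSV columns, the hostnames and the firmware string layout "3.40 R5 build 571848" as a parseable format are assumptions.

```python
import csv
import io
import re

# Thresholds copied from the advisory text.
LAST_AFFECTED = (3, 40, 5, 571848)  # "<= 3.40 R5 build 571848"
FIRST_FIXED = (3, 40, 6, 612850)    # "Version 3.40 R6 build 612850"
PRODUCTS = {"entelibus controller", "entelibus manager touch", "entelibus manager"}

# Assumed firmware string layout: "<major>.<minor> R<release> build <build>".
_FW = re.compile(r"^\s*(\d+)\.(\d+)\s+R(\d+)\s+build\s+(\d+)\s*$", re.IGNORECASE)

def parse_firmware(text):
    """Return (major, minor, release, build) or None if the string does not parse."""
    m = _FW.match(text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(product, firmware):
    if product.strip().lower() not in PRODUCTS:
        return "NOT_LISTED"
    version = parse_firmware(firmware)
    if version is None:
        return "UNPARSED"      # never treat an unreadable version as safe
    if version <= LAST_AFFECTED:
        return "AFFECTED"
    if version >= FIRST_FIXED:
        return "FIXED"
    return "UNVERIFIED"        # between the two builds: the advisory is silent

def audit(inventory_csv):
    """Map each host in a CSV inventory (host,product,firmware) to a status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["firmware"]) for r in rows}

# Constructed sample inventory; hosts and the non-advisory versions are made up.
SAMPLE = """host,product,firmware
ahu-01,enteliBUS Controller,3.40 R5 build 571848
ahu-02,enteliBUS Manager,3.40 R6 build 612850
lobby-01,enteliBUS Manager Touch,3.33 R2 build 400000
plant-01,enteliBUS Controller,3.40 R6 build 600000
plant-02,enteliBUS Controller,v3.40-unknown
meter-01,Other Vendor Gateway,1.0 R1 build 1
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {status}")
```

Devices reported as UNVERIFIED or UNPARSED need a manual check against the vendor bulletin, since the advisory only names the last affected build and the fixed build.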

Affected Sectors

Commercial Facilities, Government Facilities
