CVE-2024-12835 is an out-of-bounds write vulnerability classified under CWE-787, found in Delta Electronics DRASimuCAD version 1.02. The vulnerability arises from improper validation of user-supplied data during the parsing of ICS files, which are used within the software to simulate industrial control systems. Specifically, the flaw allows an attacker to write beyond the allocated buffer boundaries, leading to memory corruption. This memory corruption can be exploited to execute arbitrary code remotely in the context of the DRASimuCAD process. Exploitation requires user interaction, such as opening a crafted malicious ICS file or visiting a malicious webpage that triggers the vulnerable parser. The vulnerability does not require prior authentication or elevated privileges, increasing its risk profile. The CVSS v3.0 score of 7.8 indicates high severity, with impacts on confidentiality, integrity, and availability. Although no known exploits are currently in the wild, the vulnerability was reported by the Zero Day Initiative (ZDI) under identifier ZDI-CAN-22415, indicating credible discovery and responsible disclosure. The lack of a patch at the time of publication necessitates immediate mitigation efforts by affected organizations. DRASimuCAD is used primarily in industrial automation and control system simulation environments, making this vulnerability particularly critical for operational technology (OT) environments where safety and reliability are paramount.

The vulnerability allows remote code execution within the context of DRASimuCAD, potentially enabling attackers to take full control of the affected system. This can lead to unauthorized access to sensitive simulation data, manipulation of industrial control system models, and disruption of simulation activities critical for system design and testing. In operational environments, exploitation could cascade to broader network compromise, impacting industrial processes and safety. The requirement for user interaction limits mass exploitation but targeted attacks against engineers or operators using DRASimuCAD are plausible. The compromise of simulation environments can undermine trust in system validation and increase the risk of deploying flawed control systems. Given the high confidentiality, integrity, and availability impacts, organizations relying on DRASimuCAD for ICS simulation face significant operational and security risks.

1. Apply patches or updates from Delta Electronics as soon as they become available to address this vulnerability. 2. Until patches are released, restrict the opening of ICS files to trusted sources only and implement strict file validation policies. 3. Employ application whitelisting to prevent execution of unauthorized or suspicious files within the DRASimuCAD environment. 4. Use sandboxing or isolated environments for opening ICS files to limit potential damage from exploitation. 5. Educate users about the risks of opening files from untrusted sources and the importance of verifying file origins. 6. Monitor network and host activity for unusual behavior indicative of exploitation attempts, such as unexpected process execution or memory anomalies. 7. Implement network segmentation to isolate simulation environments from critical operational networks to contain potential breaches. 8. Regularly back up simulation data and configurations to enable recovery in case of compromise.