Delta Controls Cybersecurity Program
Delta Controls has always focused our efforts on providing solutions that are innovative, responsive, and easy to implement, and our cybersecurity program is no different.
The building controls systems of today are much more connected, and we can expect even greater connectivity in the future as more internet devices come online. With this comes an increase in the risk of exposure to vulnerabilities and threats.
Through industry standards such as OWASP, ISO, and NIST, Delta Controls has the policies, processes and testing in place to ensure we are delivering secure products. We are dedicated to ensuring that building networks remain protected through IT integration best practices, constant product appraisal and timely security updates.
Our Delta Controls cybersecurity teams are here to help you navigate the vulnerabilities and security challenges we face daily. See below for the ways that you can be aware of and participate in our cybersecurity program.
Cybersecurity Mission & Vision
Mission Statement
To manage the security of customer information, employee details, intellectual property, and other assets which support all areas of Delta Controls and efficiently mitigates all attempts at cyber-attack with zero data loss.
Vision Statement
A secure information infrastructure that inspires technological innovation and fosters growth with zero downtime.
Delta Controls Secure Software Development Lifecycle
At Delta Controls, our development team creates products in a secure development environment based on cybersecurity standards and best practices. Like our quality program, we build cybersecurity into our products at every stage. From conception through release, security is our priority.
- Dedicated product development security team
- Regular peer reviews for common coding vulnerabilities
- Security factored into product requirements
- Product security testing using the latest tools and techniques
- Developing products on the latest secure third party software
- Expedited turnaround time for reported vulnerabilities
- Best practices for secure code base and repositories
- Product hardening guides
- Best Practices based on OWASP, ISO 27002, and IEC 62443 4-1
Delta Controls Security Advisories
Communication and the sharing of information is an essential part of our cybersecurity program. Delta Controls provides the following product advisories to help you manage and address the security risks for your sites.
Delta Controls monitors and reports cybersecurity threats so our customers can proactively take the necessary mitigation steps or work with the Partner in your area to keep your building network secure.
It is crucial to monitor these alerts and take the necessary action to ensure that your sites remain as secure as possible. Cybersecurity is everyone’s responsibility. Our cybersecurity team and your local Delta Controls Partner are ready to help with your security challenges and concerns.
Security Bulletins for Delta Controls Products
| Date | Number | Product | Description | Attachment |
| Jan 27, 2025 | SecB0011 | enteliWEB | When navigating to enteliWEB using Google Chrome, some users are presented with a ‘Dangerous Site’ warning page. | |
| June 14, 2024 | SecB0010 | enteliWEB | In PHP versions earlier than 3.5 when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use “Best-Fit” behavior to replace characters in command line given to WinHI API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | |
| Jan 22, 2024 | SecB0009 | Niagara Tridium | The Niagara Framework® has been updated to address a vulnerability in the libwebp component utilized by jxBrowser. | |
| Oct 31, 2023 | SecB0008 | enteliSYNC | A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | |
| Oct 16, 2023 | SecB0007 | enteliCLOUD | A provider of threat intelligence and mitigation solutions mistakenly identified enteliCLOUD.com as a phishing threat. | |
| Nov 16, 2022 | SecB0006 | Open SSL Ver. 3.0.0-3.0.6 | CVE-2022-3786 AND CVE-2022-3602 | |
| February 3, 2022 | SecB005 | CopperCube | CVE-2021-4034 Polkit’s pkexec utility vulnerability | |
| January 21, 2020 | SecB003 | enteliWEB version 4.13 | Contains a file path traversal vulnerability which allows files on the server to be accessed by authenticated enteliWEB users | |
| Sept 10, 2019 | SecB002 | Delta N4 Workbench and Supervisor Delta JACE controllers | Niagara JACE, Edge 10 QNX Vulnerabilities | |
| July 18, 2019 | SecB001 | enteliBUS | enteliBUS controllers running firmware 3.40 R5 build 571848 or earlier versions contain a buffer overflow vulnerability which allows for remote code execution |
