Delta Electronics CNCSoft-B DOPSoft Heap-based buffer overflow
CVE-2023-24014

7.8HIGH

Key Information:

Vendor: Delta Electronics
Status: CNCSoft-B DOPSoft
Vendor: CVE Published:; 7 June 2023

Summary

Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and earlier are susceptible to a heap-based buffer overflow. This vulnerability enables attackers to exploit the software to potentially execute arbitrary code, posing significant risks to system integrity and security.

Affected Version(s)

CNCSoft-B DOPSoft 0 < 4.0.0.82

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-1...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Feb 8, 2023

Credit

Natnael Samson, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.