Delta Electronics Delta Industrial Automation DOPSoft DPS File wTextLen Buffer Overflow Remote Code Execution
CVE-2023-43818

7.8HIGH

Key Information:

Vendor: Delta Electronics
Status: DOPSoft
Vendor: CVE Published:; 18 January 2024

Summary

A buffer overflow vulnerability exists in Delta Electronics' DOPSoft software used for industrial automation. This flaw allows remote, unauthenticated attackers to execute arbitrary code on affected systems. By convincing a user to open a maliciously crafted DPS file, the attacker can exploit this vulnerability to gain control of the system, potentially leading to unauthorized access and manipulation of industrial environments. Organizations utilizing DOPSoft should consider implementing security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

DOPSoft 2.00.00.00 <= 2.00.07.04

References

https://blog.exodusintel.com/2024/01/18/delta-electronics...

third-party-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2024
Vulnerability Reserved
Sep 22, 2023

Credit

Exodus Intelligence