Delta Electronics Delta Industrial Automation DOPSoft DPS File wTextLen Buffer Overflow Remote Code Execution
CVE-2023-43818

8.8HIGH

Key Information:

Vendor: Delta Electronics
Status: Dopsoft
Vendor: CVE Published:; 18 January 2024

🔔 Create Delta Electronics Vulnerability Alert

What is CVE-2023-43818?

A buffer overflow vulnerability exists in Delta Electronics' DOPSoft software used for industrial automation. This flaw allows remote, unauthenticated attackers to execute arbitrary code on affected systems. By convincing a user to open a maliciously crafted DPS file, the attacker can exploit this vulnerability to gain control of the system, potentially leading to unauthorized access and manipulation of industrial environments. Organizations utilizing DOPSoft should consider implementing security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

DOPSoft 2.00.00.00 <= 2.00.07.04

References

https://blog.exodusintel.com/2024/01/18/delta-electronics...

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2024
Vulnerability Reserved
Sep 22, 2023

Credit

Exodus Intelligence

CVE-2023-43818 Data

JSON