1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: DOPSoft
- Vulnerability: Stack-Based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Delta Electronics products are affected:
- DOPSoft: All versions
3.2 Vulnerability Overview
3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121
The affected product is vulnerable to a stack-based buffer overflow which may allow to remote code execution if an attacker can lead a legitimate user to execute a specially crafted file.
CVE-2023-5944 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Energy
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Taiwan
3.4 RESEARCHER
Natnael Samson working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.
4. MITIGATIONS
Delta Electronics has declared DOPSoft as end-of-life and recommends users to use DIAScreen instead. This vulnerability does not exist on the newest version of DIAScreen.
Users may download the DIAScreen v1.3.1 (or newer) on the DIAStudio download center
CISA recommends users take defensive measures to minimize the risk of exploitation of this vu
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: