January 18, 2024 - Exodus Intelligence

Delta Electronics Delta Industrial Automation DOPSoft DPS File wTextLen Buffer Overflow Remote Code Execution

January 18, 2024 by Exodus Intel VRT

EIP-29f0f63c

A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-29f0f63c
MITRE: CVE-2023-43818

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv2 Score: 6.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: March 8, 2023
Vendor response to disclosure: March 22, 2023
Disclosed to public: January 18, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Delta Electronics Delta Industrial Automation DOPSoft DPS File InitialMacroLen Buffer Overflow Remote Code Execution

January 18, 2024January 18, 2024 by Exodus Intel VRT

EIP-2ac577d8

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-2ac577d8
MITRE: CVE-2023-43819

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv2 Score: 6.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: March 8, 2023
Vendor response to disclosure: March 22, 2023
Disclosed to public: January 18, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesPrevValueLen Buffer Overflow Remote Code Execution

January 18, 2024January 18, 2024 by Exodus Intel VRT

EIP-b1c30ad0

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesPrevValueLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-b1c30ad0
MITRE: CVE-2023-43820

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv2 Score: 6.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: March 8, 2023
Vendor response to disclosure: March 22, 2023
Disclosed to public: January 18, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesActionLen Buffer Overflow Remote Code Execution

January 18, 2024January 18, 2024 by Exodus Intel VRT

EIP-0dffc5aa

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesActionLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-0dffc5aa
MITRE: CVE-2023-43821

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv2 Score: 6.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: March 8, 2023
Vendor response to disclosure: March 22, 2023
Disclosed to public: January 18, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Delta Electronics Delta Industrial Automation DOPSoft DPS File wTTitleLen Buffer Overflow Remote Code Execution

January 18, 2024January 18, 2024 by Exodus Intel VRT

EIP-2fdb5241

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTTitleLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-2fdb5241
MITRE: CVE-2023-43823

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv2 Score: 6.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: March 8, 2023
Vendor response to disclosure: March 22, 2023
Disclosed to public: January 18, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Delta Electronics Delta Industrial Automation DOPSoft DPS File wTitleTextLen Buffer Overflow Remote Code Execution

January 18, 2024January 18, 2024 by Exodus Intel VRT

EIP-10b37d9e

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-10b37d9e
MITRE: CVE-2023-43824

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv2 Score: 6.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: March 8, 2023
Vendor response to disclosure: March 22, 2023
Disclosed to public: January 18, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Delta Electronics ISPSoft Heap Buffer-Overflow

January 18, 2024January 18, 2024 by Exodus Intel VRT

EIP-a76f2f23

A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-a76f2f23
MITRE: CVE-2023-5131

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:H/Au:N/C:C/I:P/A:C
CVSSv2 Score: 7.3

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: March 8, 2023
Vendor response to disclosure: March 22, 2023
Disclosed to public: January 18, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Delta Electronics Delta Industrial Automation DOPSoft DPS File wScreenDESCTextLen Buffer Overflow Remote Code Execution

January 18, 2024January 18, 2024 by Exodus Intel VRT

EIP-fe441d93

A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-fe441d93
MITRE: CVE-2023-43815

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv2 Score: 6.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: March 8, 2023
Vendor response to disclosure: March 22, 2023
Disclosed to public: January 18, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesTimeLen Buffer Overflow Remote Code Execution

January 18, 2024January 18, 2024 by Exodus Advisories

EIP-32a68e8b

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-32a68e8b
MITRE: CVE-2023-43822

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv2 Score: 6.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: March 8, 2023
Vendor response to disclosure: March 22, 2023
Disclosed to public: January 18, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Delta Electronics Delta Industrial Automation DOPSoft DPS File wMailContentLen Buffer Overflow Remote Code Execution

January 18, 2024January 18, 2024 by Exodus Intel VRT

EIP-a31ff40d

A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-a31ff40d
MITRE: CVE-2023-43817

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv2 Score: 6.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: March 8, 2023
Vendor response to disclosure: March 22, 2023
Disclosed to public: January 18, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

EIP-29f0f63c

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-2ac577d8

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-b1c30ad0

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-0dffc5aa

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-2fdb5241

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-10b37d9e

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-a76f2f23

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-fe441d93

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-32a68e8b

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-a31ff40d

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

Intelligence

Support

Company