CVE-2021-38406

7.8 HIGH

📋 TL;DR

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) has a memory corruption vulnerability when parsing project files, allowing attackers to execute arbitrary code with the privileges of the current user. This affects industrial control system operators using Delta's HMI configuration software. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • Delta Electronic DOPSoft 2
Versions: Version 2.00.07 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of vulnerable versions; exploitation requires user interaction to open malicious project files.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, manipulation of industrial processes, data theft, or ransomware deployment.

🟠

Likely Case

Local privilege escalation or code execution when malicious project files are opened by users.

🟢

If Mitigated

Limited impact with proper network segmentation and user privilege restrictions.

🌐 Internet-Facing: LOW (software typically not exposed directly to internet)
🏢 Internal Only: HIGH (vulnerability can be exploited via malicious project files on internal networks)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user to open specially crafted project file; no authentication bypass needed once file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.00.08 or later

Vendor Advisory: https://www.deltaww.com/en-US/Support/Downloads/Detail?code=DOPSoft

Restart Required: Yes

Instructions:

1. Download DOPSoft 2 version 2.00.08 or later from the Delta website.
2. Uninstall the previous version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict project file handling

Platform: Windows

Configure application to only open project files from trusted sources; implement file integrity checking.
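
One way to implement the file integrity check named in this workaround, as an added example (not Delta's tooling and not code from the advisory): project files are compared against a SHA-256 manifest built from a reviewed directory before anyone opens them. The function names, the `vetted`/`inbox` directory names and the manifest layout are assumptions, and the sample files are constructed.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash in chunks so large project files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(vetted_dir: Path) -> dict:
    """Map lower-cased file name -> SHA-256 for every reviewed .dop file."""
    return {p.name.lower(): sha256_file(p)
            for p in sorted(vetted_dir.glob("*.dop")) if p.is_file()}

def check_project(path: Path, manifest: dict) -> str:
    """Classify one file as 'trusted', 'modified', 'renamed' or 'unknown'."""
    actual = sha256_file(path)
    expected = manifest.get(path.name.lower())  # Windows names ignore case
    if expected is not None:
        return "trusted" if hmac.compare_digest(actual, expected) else "modified"
    # Approved content under an unapproved name: report it rather than open it.
    return "renamed" if actual in manifest.values() else "unknown"

def demo() -> dict:
    """Constructed sample data: two reviewed projects, four incoming files."""
    with tempfile.TemporaryDirectory() as tmp:
        vetted, inbox = Path(tmp, "vetted"), Path(tmp, "inbox")
        vetted.mkdir()
        inbox.mkdir()
        (vetted / "line1.dop").write_bytes(b"constructed project A")
        (vetted / "line2.dop").write_bytes(b"constructed project B")
        manifest = build_manifest(vetted)
        (inbox / "line1.dop").write_bytes(b"constructed project A")
        (inbox / "LINE2.DOP").write_bytes(b"constructed project B, altered")
        (inbox / "copy.dop").write_bytes(b"constructed project A")
        (inbox / "new.dop").write_bytes(b"constructed, never reviewed")
        return {p.name: check_project(p, manifest) for p in inbox.iterdir()}

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name}: {status}")
```

A match only shows the file is byte-identical to a reviewed copy, so the manifest has to be stored where the accounts that receive project files cannot write to it.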

User privilege reduction

Platform: Windows

Run DOPSoft with limited user privileges to reduce impact of successful exploitation.

🧯 If You Can't Patch

  • Isolate DOPSoft systems on separate network segments with strict firewall rules
  • Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check DOPSoft version via Help > About menu; versions 2.00.07 and earlier are vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version is 2.00.08 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes of DOPSoft.exe
  • Unusual file access patterns to .dop project files

Network Indicators:

  • Unusual network connections from DOPSoft process

SIEM Query:

(Process: DOPSoft.exe AND (EventID: 1000 OR EventID: 1001)) OR FileAccess: *.dop from untrusted sources
