Login Sign Up

CVE-2023-0124

7.8 HIGH
Remote Code Execution

📋 TL;DR

Delta Electronics DOPSoft versions 4.00.16.22 and prior contain an out-of-bounds write vulnerability that allows remote code execution when processing malicious files. This affects industrial control system operators using DOPSoft HMI configuration software. Attackers could gain full control of affected systems.

💻 Affected Systems

Products:
  • Delta Electronics DOPSoft
Versions: 4.00.16.22 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects HMI configuration software used in industrial environments. Vulnerability triggers when processing specially crafted files.

📦 What is this software?

Dopsoft by Deltaww

View all CVEs affecting Dopsoft →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining administrative privileges, installing malware, disrupting industrial processes, and pivoting to other network systems.

🟠

Likely Case

Remote code execution leading to data theft, ransomware deployment, or industrial process manipulation.

🟢

If Mitigated

Limited impact with proper network segmentation and file validation controls preventing exploitation.

🌐 Internet-Facing: MEDIUM - Requires file transfer to vulnerable system, but could be exploited via phishing or compromised websites.
🏢 Internal Only: HIGH - Industrial networks often have limited security controls, making lateral movement easier once initial access is gained.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious file. No public exploit code available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.00.16.23 or later

Vendor Advisory: https://www.deltaww.com/en-US/Service/DownloadCenter

Restart Required: Yes

Instructions:

1. Download latest DOPSoft version from Delta Electronics website. 2. Uninstall current version. 3. Install updated version. 4. Restart system.

🔧 Temporary Workarounds

Restrict File Processing

windows

Implement application whitelisting to prevent execution of unauthorized files in DOPSoft directories.

Network Segmentation

all

Isolate DOPSoft systems from untrusted networks and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement strict file validation controls - only allow trusted, verified files to be processed by DOPSoft
  • Deploy endpoint detection and response (EDR) solutions with behavioral monitoring for abnormal process execution

🔍 How to Verify

Check if Vulnerable:

Check DOPSoft version in Help > About menu. If version is 4.00.16.22 or earlier, system is vulnerable.

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is 4.00.16.23 or later in Help > About menu after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in DOPSoft directories
  • Abnormal process creation from DOPSoft executable

Network Indicators:

  • Unexpected outbound connections from DOPSoft systems
  • File transfers to/from DOPSoft workstations

SIEM Query:

Process Creation where Image contains 'DOPSoft' AND CommandLine contains unusual file extensions

📊 Metadata

CVE ID: CVE-2023-0124
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: February 3, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-0124, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)