Login Sign Up

CVE-2023-24014

7.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

Delta Electronics CNCSoft-B DOPSoft versions 1.0.0.4 and prior contain a heap-based buffer overflow vulnerability that could allow remote attackers to execute arbitrary code on affected systems. This affects industrial control systems using these software versions for CNC machine programming and HMI development. Attackers could potentially take control of industrial equipment.

💻 Affected Systems

Products:
  • Delta Electronics CNCSoft-B DOPSoft
Versions: 1.0.0.4 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Industrial control systems using this software for CNC programming and HMI development are affected.

📦 What is this software?

Cncsoft B by Deltaww

View all CVEs affecting Cncsoft B →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary code, disrupt manufacturing operations, manipulate CNC machines, and potentially cause physical damage or safety incidents.

🟠

Likely Case

Remote code execution leading to data theft, ransomware deployment, or disruption of manufacturing processes in affected industrial environments.

🟢

If Mitigated

Limited impact if systems are isolated, properly segmented, and monitored, though risk remains if vulnerable software is accessible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Buffer overflow vulnerabilities in industrial software often become targets for sophisticated attackers targeting critical infrastructure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.0.0.5 or later

Vendor Advisory: https://www.deltaww.com/en-US/Service/DownloadCenter

Restart Required: Yes

Instructions:

1. Download latest version from Delta Electronics website. 2. Backup existing configurations. 3. Uninstall vulnerable version. 4. Install patched version. 5. Restart system. 6. Verify installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate CNC systems from corporate networks and internet access

Application Whitelisting

windows

Restrict execution to only authorized applications on CNC systems

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy host-based intrusion detection and monitor for anomalous behavior

🔍 How to Verify

Check if Vulnerable:

Check software version in Help > About or program properties. If version is 1.0.0.4 or earlier, system is vulnerable.

Check Version:

Check application properties or Help > About menu within CNCSoft-B DOPSoft

Verify Fix Applied:

Verify installed version is 1.0.0.5 or later and test software functionality with sample CNC programs.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from CNCSoft-B
  • Memory access violations in application logs
  • Unexpected network connections from CNC systems

Network Indicators:

  • Unusual traffic to/from CNC system ports
  • Anomalous protocol patterns in industrial network segments

SIEM Query:

source="cnc-software" AND (event_type="crash" OR event_type="buffer_overflow")

📊 Metadata

CVE ID: CVE-2023-24014
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-122
Published: June 7, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-24014, you might also want to check these:

CVE-2021-21940 10.0

A heap-based buffer overflow vulnerability in Anker Eufy Homebase 2's RTSP handling allows remote co...

Same vulnerability type (CWE-122)
CVE-2023-45318 10.0

This critical vulnerability allows remote attackers to execute arbitrary code on systems running Wes...

Same vulnerability type (CWE-122)
CVE-2025-23123 10.0

A heap buffer overflow vulnerability in UniFi Protect Camera firmware allows remote code execution. ...

Same vulnerability type (CWE-122)