CVE-2023-43815 – A buffer overflow vulnerability in Delta Electr... (How to Fix)

Q: What is the severity of CVE-2023-43815?

CVE-2023-43815 has a CVSS score of 7.1 (HIGH). A buffer overflow vulnerability in Delta Electronics DOPSoft version 2 allows remote code execution when parsing malicious DPS files. Attackers can exploit this by tricking users into opening specially crafted files. This affects industrial automation systems using vulnerable DOPSoft software.

📋 TL;DR

A buffer overflow vulnerability in Delta Electronics DOPSoft version 2 allows remote code execution when parsing malicious DPS files. Attackers can exploit this by tricking users into opening specially crafted files. This affects industrial automation systems using vulnerable DOPSoft software.

💻 Affected Systems

Products:

Delta Electronics Delta Industrial Automation DOPSoft

Versions: Version 2

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems where DOPSoft is used for programming and configuring Delta HMI panels.

📦 What is this software?

Dopsoft by Deltaww

View all CVEs affecting Dopsoft →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the industrial automation workstation, potentially disrupting operations or manipulating industrial processes.

🟠

Likely Case

Attacker gains code execution on the engineering workstation, enabling data theft, lateral movement within the OT network, or deployment of ransomware.

🟢

If Mitigated

Limited impact with proper network segmentation and user awareness preventing malicious file execution.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction to open malicious file but no authentication. Weaponization likely given industrial control system targeting.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to newer DOPSoft versions if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict DPS file execution

windows

Block execution of DPS files or restrict DOPSoft application execution to trusted users only.

Use Windows AppLocker or similar to restrict DOPSoft.exe execution
Configure file associations to not automatically open DPS files

Network segmentation

windows

Isolate DOPSoft workstations from untrusted networks and implement strict firewall rules.

Configure Windows Firewall to block unnecessary inbound/outbound connections
Segment OT network from IT network

🧯 If You Can't Patch

Implement application whitelisting to only allow trusted applications to run
Train users to never open DPS files from untrusted sources and disable automatic file opening

🔍 How to Verify

Check if Vulnerable:

Check if DOPSoft version 2 is installed on the system. Review installed programs in Control Panel or check program files directory.

Check Version:

Check DOPSoft.exe properties or installed programs list for version information

Verify Fix Applied:

Verify DOPSoft version 2 is no longer present or workarounds are properly implemented.

📡 Detection & Monitoring

Log Indicators:

Process creation events for DOPSoft.exe with unusual parent processes
File creation events for DPS files in unusual locations
Crash logs from DOPSoft application

Network Indicators:

Unusual outbound connections from DOPSoft workstations
File transfers to/from DOPSoft systems

SIEM Query:

Process creation where image='*\DOPSoft.exe' AND command_line CONTAINS '.dps'

📊 Metadata

CVE ID: CVE-2023-43815

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE: CWE-119

Published: January 18, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-43815, you might also want to check these: