CVE-2023-43819

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft allows remote code execution when a user opens a malicious DPS file. This affects industrial automation systems using DOPSoft for HMI programming. Attackers can exploit this without authentication by tricking users into opening specially crafted files.

💻 Affected Systems

Products:
  • Delta Electronics Delta Industrial Automation DOPSoft
Versions: All versions prior to 4.00.16.11
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects DOPSoft software used for programming Delta HMI devices. Vulnerability triggers when parsing DPS project files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the workstation, potentially leading to disruption of industrial processes, data theft, or lateral movement into operational technology networks.

🟠 Likely Case

Remote code execution on the engineering workstation, allowing malware installation, credential theft, and potential access to connected industrial control systems.

🟢 If Mitigated

Limited to isolated engineering workstation compromise if proper network segmentation and least privilege are implemented.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening malicious file). Public proof-of-concept demonstrates reliable exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.00.16.11

Vendor Advisory: https://www.deltaww.com/en-US/Service/DownloadCenter

Restart Required: Yes

Instructions:

1. Download DOPSoft version 4.00.16.11 or later from the Delta Electronics website.
2. Run the installer.
3. Follow the installation prompts.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

Restrict DPS file handling (applies to: all)

Block DPS files at email gateways and web proxies to prevent delivery of malicious files.

Application whitelisting (applies to: Windows)

Implement application control to prevent unauthorized execution of DOPSoft or restrict it to specific users.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate engineering workstations from production networks
  • Train users to never open DPS files from untrusted sources and implement file extension filtering

🔍 How to Verify

Check if Vulnerable:

Check DOPSoft version in Help > About. If version is earlier than 4.00.16.11, the system is vulnerable.

Check Version:

Not applicable - check via DOPSoft GUI Help > About

Verify Fix Applied:

Verify DOPSoft version shows 4.00.16.11 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing DOPSoft crashes, unexpected process creation from DOPSoft

Network Indicators:

  • Unusual outbound connections from engineering workstations, especially to external IPs

SIEM Query:

Process Creation where Image contains 'dopsoft.exe' AND ParentImage contains 'explorer.exe'
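
The indicators above combined into one triage pass over process-creation and crash events, as an added example that is not part of the original advisory. The normalised event field names, the install path and the empty `EXPECTED_CHILDREN` allowlist are assumptions, and the sample events are constructed.

```python
# Constructed sample events. EventID 1 = Sysmon process creation,
# EventID 1000 = Windows "Application Error" crash record. Field names are assumed.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Apps\DOPSoft\DOPSoft.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Apps\DOPSoft\DOPSoft.exe" "C:\Users\eng\Downloads\line3.dps"'},
    {"EventID": 1000, "Provider": "Application Error", "Application": "DOPSoft.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Apps\DOPSoft\DOPSoft.exe", "CommandLine": "cmd.exe /c whoami"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
]

# Assumption: children DOPSoft legitimately starts on this site (empty = review all).
EXPECTED_CHILDREN = set()

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return a finding label for one event, or None if it is not relevant."""
    eid = event.get("EventID")
    if eid == 1000 and event.get("Application", "").lower() == "dopsoft.exe":
        return "dopsoft_crash"
    if eid != 1:
        return None
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    if parent == "dopsoft.exe" and image not in EXPECTED_CHILDREN:
        return "unexpected_child_of_dopsoft"
    if image == "dopsoft.exe" and parent == "explorer.exe":
        # This branch is the page's SIEM query; a .dps argument marks a file open.
        has_dps = ".dps" in event.get("CommandLine", "").lower()
        return "dopsoft_opened_dps" if has_dps else "dopsoft_launch"
    return None

def triage(events):
    """Return (index, label) for every relevant event, in log order."""
    labelled = [(i, classify(e)) for i, e in enumerate(events)]
    return [(i, label) for i, label in labelled if label]

def followed_by_anomaly(findings):
    """True when a crash or unexpected child process follows a DPS file open."""
    labels = [label for _, label in findings]
    if "dopsoft_opened_dps" not in labels:
        return False
    after = labels[labels.index("dopsoft_opened_dps") + 1:]
    return "dopsoft_crash" in after or "unexpected_child_of_dopsoft" in after
```

On its own, the explorer.exe-to-DOPSoft launch is routine engineering activity; the sequence check is what raises it to something worth an analyst's time.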
