CVE-2023-5944
📋 TL;DR
Delta Electronics DOPSoft software contains a stack-based buffer overflow vulnerability that allows arbitrary code execution when a user opens a specially crafted malicious file. This affects all users of vulnerable DOPSoft versions, particularly industrial control system operators who use this software for HMI programming.
💻 Affected Systems
- Delta Electronics DOPSoft
📦 What is this software?
Dopsoft by Deltaww
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the workstation, potentially pivoting to industrial control networks and disrupting operations.
Likely Case
Local privilege escalation or malware execution on the engineering workstation, leading to data theft or manipulation of HMI configurations.
If Mitigated
Limited impact if file execution is prevented through application whitelisting and user awareness training.
🎯 Exploit Status
Exploitation requires social engineering to get user to open malicious file. No public exploit code available at time of advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for latest patched version
Vendor Advisory: https://diastudio.deltaww.com/home/downloads?sec=download#catalog
Restart Required: Yes
Instructions:
1. Download latest DOPSoft version from Delta Electronics website. 2. Uninstall current version. 3. Install updated version. 4. Restart system.
🔧 Temporary Workarounds
Application Control
windowsImplement application whitelisting to prevent execution of unauthorized files and restrict DOPSoft to trusted locations.
Use Windows AppLocker or similar solution to create whitelist rules
File Extension Restrictions
windowsBlock or warn on opening DOPSoft project files from untrusted sources.
Configure email/web filters to block .dop files
Use Group Policy to restrict file associations
🧯 If You Can't Patch
- Restrict user permissions to prevent execution of untrusted files
- Implement network segmentation to isolate DOPSoft workstations from critical control systems
🔍 How to Verify
Check if Vulnerable:
Check DOPSoft version against vendor advisory. Vulnerable if using version prior to patched release.Check Version:
Open DOPSoft → Help → About to view version informationVerify Fix Applied:
Verify installed DOPSoft version matches or exceeds patched version specified in vendor advisory.📡 Detection & Monitoring
Log Indicators:
- Unexpected DOPSoft crashes
- Process creation from DOPSoft with unusual parameters
- File access to suspicious .dop files
Network Indicators:
- Outbound connections from DOPSoft to unexpected destinations
- File transfers containing DOPSoft project files
SIEM Query:
Process Creation where Image contains 'DOPSoft' AND CommandLine contains unusual parameters OR ParentProcess contains email/office applications