Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution.
A local attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-09-15 under CISA BOD 22-01.
This is a Out-of-bounds Write (CWE-787) vulnerability in Delta Electronics DOPSoft 2. Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. Exploitation requires local access, low attack complexity, no authentication required, and user interaction required.
Probably yes if any of these apply:
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2022-08-25 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2022-09-15.
Manual remediation steps
Apply the Vendor Patch
This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.
CISA required action: The impacted product is end-of-life and should be disconnected if still in use.
References
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
References