CVE-2023-0124

Name of the Vulnerable Software and Affected Versions Delta Electronics DOPSoft versions 4.00.16.22 and prior

Description The issue is related to an out-of-bounds write in the DOPSoft software, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. This is due to a vulnerability in the Malformed File Handler component, which is used for programming operator panels. The exploitation of this vulnerability may enable an attacker to execute arbitrary code using a specially crafted file.

Recommendations For Delta Electronics DOPSoft versions 4.00.16.22 and prior, consider avoiding the use of malformed files until a patch is available. As a temporary workaround, restrict the introduction of external files to the software to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.