Delta Electronics DOPSoft

Monitor7.8ICS-CERT ICSA-23-334-01Nov 30, 2023

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

DOPSoft contains a stack-based buffer overflow vulnerability (CWE-121) that could allow local attackers to execute arbitrary code. The vulnerability affects all versions of DOPSoft. Delta Electronics has declared DOPSoft end-of-life and does not plan to release patches. The vendor recommends migration to DIAScreen v1.3.1 or newer, which is not affected by this vulnerability.

What this means

What could happen

An attacker with local access to a machine running DOPSoft could execute arbitrary code and gain full control of the application, potentially allowing manipulation of HMI/SCADA projects and process parameters.

Who's at risk

Organizations using Delta Electronics DOPSoft for HMI/SCADA configuration and engineering should prioritize migration. This affects any facility using DOPSoft on engineering workstations for programming or configuring Delta distributed control systems or operator panels, including water treatment plants, power distribution facilities, and manufacturing environments.

How it could be exploited

An attacker must first gain local access to a workstation running DOPSoft (e.g., through social engineering, malware, or physical access). Once local, the attacker can exploit a stack-based buffer overflow vulnerability to execute arbitrary code with the privileges of the logged-in user, potentially allowing them to modify or create malicious HMI/SCADA configuration files.

Prerequisites

Local access to the DOPSoft workstation
User interaction required (e.g., opening a malicious file or project)
DOPSoft application installed and running

no patch availablelocal exploitation requiredend-of-life productstack-based buffer overflowaffects engineering/configuration tools

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

DOPSoft: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDIf migration is not immediately feasible, restrict local access to DOPSoft workstations to authorized personnel only

WORKAROUNDTrain users to avoid opening untrusted files or projects in DOPSoft

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXMigrate from DOPSoft to DIAScreen v1.3.1 or newer

Mitigations - no patch available

0/2

DOPSoft: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGImplement application whitelisting to prevent unauthorized executable execution on engineering workstations

HARDENINGImplement network segmentation to isolate engineering workstations from general IT networks

CVEs (1)

CVE-2023-5944

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c96eb6ce-40e3-4925-a2af-d76bda6765fb