// For flags

CVE-2023-4685

CVE-2023-4685

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.

CNCSoft-B versión 1.0.0.4 de Delta Electronics y DOPSoft versiones 4.0.0.82 y anteriores son vulnerables al desbordamiento del búfer de memoria, lo que podría permitir a un atacante ejecutar código arbitrario.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

*Credits: Natnael Samson (@NattiSamson)
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-08-31 CVE Reserved
  • 2023-09-07 CVE Published
  • 2024-10-11 CVE Updated
  • 2024-10-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-121: Stack-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL Tag Source
https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Deltaww
Search vendor "Deltaww"
 Cncsoft-b
Search vendor "Deltaww" for product "Cncsoft-b"
 <= 1.0.0.2
Search vendor "Deltaww" for product "Cncsoft-b" and version " <= 1.0.0.2"
-
Affected
Deltaww
Search vendor "Deltaww"
 Dopsoft
Search vendor "Deltaww" for product "Dopsoft"
 <= 4.0.0.82
Search vendor "Deltaww" for product "Dopsoft" and version " <= 4.0.0.82"
-
Affected