CVE-2021-38406
published 2021-09-17CVE-2021-38406: Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in…
PriorityP183high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-09-15
Exploited in the wild
EPSS
77.89%
99.5th percentile
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | dopsoft_2 | unspecified – 2.00.07 | — |
| deltaww | dopsoft | 2.00 – 2.00.07 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is triggered by parsing malicious/crafted project files in Delta Electronics DOPSoft 2; monitor for unexpected project file opens, especially from untrusted sources ↗
- →Attack vector is local with user interaction required (UI:R); delivery likely via social engineering (malicious email attachments or web links containing crafted DOPSoft 2 project files) ↗
- →Vulnerability is not remotely exploitable; focus detection on local process execution context of DOPSoft 2 (dopsoft.exe or equivalent) following project file open events ↗
- →Flag any DOPSoft 2 Version 2.00.07 or prior still running in OT/ICS environments — end-of-life product presence is itself an indicator of risk ↗
- ·No patch will be issued; DOPSoft 2 is end-of-life and will not receive a fix for CVE-2021-38406 ↗
- ·No known public exploits exist for this vulnerability at time of advisory publication ↗
- ·CISA KEV lists this as a known-exploited vulnerability with a required action to disconnect the product if still in use ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
cisa·2022-08-25·CVSS 7.8
CVE-2021-38406 [HIGH] CWE-787 Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
Vulnerability: Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
Affected: Delta Electronics DOPSoft 2
Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-02; https://nvd.nist.gov/vuln/detail/CVE-2021-38406
Remediation Due Date: 2022-09-15
CISA ICS
Delta Electronics DOPSoft 2 (Update A)
cisa_ics·2021-09-09·CVSS 7.8
[HIGH] Delta Electronics DOPSoft 2 (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Delta Electronics DOPSoft 2 (Update A)
Last RevisedSeptember 06, 2022
Alert CodeICSA-21-252-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low attack complexity
- Vendor: Delta Electronics
- Equipment: DOPSoft 2
- Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Write, Heap-based Buffer Overflow
## 2. UPDATED INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-21-252-02 Delta Electronics DOPSoft 2 that was published September 9, 2021, on the ICS webpage on cisa.gov/ICS.
## 3. RISK EVALUATION
Successful exploitation of t
GHSA
GHSA-j3xh-c39x-qghw: Delta Electronic DOPSoft 2 (Version 2
ghsa_unreviewed·2022-05-24
CVE-2021-38406 [HIGH] CWE-787 GHSA-j3xh-c39x-qghw: Delta Electronic DOPSoft 2 (Version 2
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
VulnCheck
Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
vulncheck·2021·CVSS 7.8
CVE-2021-38406 [HIGH] CWE-787 Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution.
Affected: Delta Electronics DOPSoft 2
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-09-15
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-09-17
Published
2022-08-25
Added to CISA KEV
Exploited in the wild