Delta DOPSoft All Versions Out-of-bounds Read Vulnerability

low Nessus Plugin ID 173056

Synopsis

Delta DOPSoft installed on the remote host is affected by an Out-of-bounds Read vulnerability.

Description

Delta DOPSoft is installed on the remote host. It is, therefore, affected by vulnerabilities as referenced in the CISA ICSA-22-244-01 advisory.

- Two out-of-bounds read conditions may occur due to the affected product not properly sanitizing input while processing specific project files, which may allow unauthorized information disclosure.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

DOPSoft 2 will not receive an update to mitigate these vulnerabilities because it is an end-of-life product. Delta Electronics recommends that users switch to the replacement software when available.

See Also

https://www.cisa.gov/uscert/ics/advisories/icsa-22-244-01

Plugin Details

Severity: Low

ID: 173056

File Name: delta_dopsoft_CVE-2022-2966.nasl

Version: 1.0

Type: local

Agent: windows

Family: Windows

Published: 3/21/2023

Updated: 3/21/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Low

Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS Score Source: manual

Vulnerability Information

CPE: cpe:/a:deltaww:dopsoft

Required KB Items: installed_sw/Delta DOPSoft

Vulnerability Publication Date: 9/1/2022

Reference Information

CVE: CVE-2022-2966