External risk intelligence

Delta DOPSoft 2: Code Execution via Malicious Project Files

CVE advisory | Known Exploit

CVE-2021-38406

A vulnerability in Delta DOPSoft 2 allows code execution when processing specific project files. This presents a risk of unauthorized access or control over affected systems. The software is end-of-life and should be disconnected if in use.

Halo Surface Signal: 1

Out-of-bounds Write

Deltaww Dopsoft

2.00 to 2.00.07

External exposure likelihood

Halo Surface Signal score for CVE-2021-38406

DOPSoft is engineering software used for designing human-machine interface (HMI) applications. The vulnerability requires parsing a specific, locally opened project file, which is an offline, user-interactive process. It is not an internet-facing service, gateway, or network-accessible application, making external exploitation highly unlikely.

Horizon Alert

Summary of the vulnerability and why it matters

Delta Electronics' DOPSoft 2 software has a flaw in how it processes specific project files. This vulnerability allows an attacker to execute code on the affected system, which could lead to unauthorized access or control over systems where the software is installed.

  • Vulnerable software: Delta DOPSoft 2
  • Core weakness: Improper user data validation
  • Main business impact: Unauthorized code execution

Attack Path

How an attacker could exploit the issue

This vulnerability involves improper handling of user-supplied data within project files. An attacker can exploit this by providing a crafted file to a vulnerable system. Successful exploitation allows an attacker to execute code, potentially impacting system integrity and confidentiality.

  • Exposure condition: Local file parsing.
  • Attacker starting point: Local access.
  • Trigger and result: Malicious file, code execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to execute code on a targeted system. The difficulty of exploitation is low, but the attacker must trick a user into opening a specially crafted project file. The potential damage includes the compromise of the affected system and the data it processes.

  • Likely attacker skill level: Low
  • Required access or conditions: User interaction with a malicious file
  • Business risk or urgency: Moderate

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Delta Electronics DOPSoft 2 could allow an attacker to execute code within the current process. This is a high-severity risk that requires immediate attention to protect organizational systems and data. The vendor has indicated the impacted product is end-of-life and should be disconnected if still in use.

  • Identify all instances of DOPSoft 2.
  • Isolate or disconnect affected systems.
  • Verify removal and monitor for related activity.
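
One way to carry out the identification step, shown as an added example that is not part of the original advisory or any vendor tooling: a triage of a software-inventory export against the affected range listed above (2.00 to 2.00.07). The CSV column names, host names and the assumption that installs report a name containing "DOPSoft" with a dotted numeric version are all constructed for illustration.

```python
import csv
import io
import re

# Affected range as listed on this page: 2.00 to 2.00.07 (inclusive).
AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 0, 7)

# Constructed sample inventory export; hosts and column names are illustrative.
SAMPLE_INVENTORY = """host,display_name,display_version
ENG-WS-01,Delta DOPSoft,2.00.07
ENG-WS-02,DOPSoft 2.00.04,
ENG-WS-03,Delta DOPSoft,4.00.11
ENG-WS-04,Office Suite,2.00.05
HMI-LAB-07,DOPSoft,unknown
"""

def parse_version(text):
    """Return the first dotted numeric version in text as a 3-part tuple, or None."""
    m = re.search(r"\d+(?:\.\d+)+", text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group().split("."))
    # Pad or truncate to major.minor.patch so a build suffix cannot hide a match.
    return (parts + (0, 0, 0))[:3]

def classify(display_name, display_version):
    """Classify one inventory row: ignore, affected, outside-range or review."""
    if "dopsoft" not in display_name.lower():
        return "ignore"
    # Some inventories leave the version field empty and embed it in the name.
    version = parse_version(display_version) or parse_version(display_name)
    if version is None:
        return "review"  # product present, version unknown: check by hand
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    return "outside-range"

def triage(inventory_csv):
    """Map each host with a DOPSoft entry to its classification."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["display_name"], row["display_version"])
        if status != "ignore":
            findings[row["host"]] = status
    return findings

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "review" have the product installed without a parseable version and need a manual check before they are counted as handled.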

Frequently asked questions

What is Delta DOPSoft 2 software?

Delta DOPSoft 2 is engineering software used to design human-machine interface (HMI) applications, which allow users to interact with industrial equipment. It's used for creating the visual displays and controls that operators see on screens connected to machinery.

What weakness does CVE-2021-38406 describe?

CVE-2021-38406 describes an improper input validation weakness in Delta DOPSoft 2. This means the software doesn't properly check data provided by users in project files, leading to security issues.

How is the CVE-2021-38406 vulnerability triggered?

The vulnerability is triggered when the DOPSoft 2 software parses a specially crafted project file. An attacker needs to trick a user into opening this malicious file locally to exploit the flaw.

Who should care about CVE-2021-38406?

Organizations using Delta DOPSoft 2 should care. While the vulnerability requires local file access and user interaction, making external attacks unlikely, it could impact internal systems if a user opens a malicious file.

What are the first steps for responding to CVE-2021-38406?

First, identify all systems running Delta DOPSoft 2. Since the product is end-of-life, the recommended action is to isolate or disconnect affected systems. Monitor for any related suspicious activity.
