Delta Electronics DIAScreen

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v3 7.8
• ATTENTION: Low attack complexity
• Vendor: Delta Electronics
• Equipment: DIAScreen
• Vulnerability: Out-of-bounds Write

2. RISK EVALUATION

Successful exploitation of this vulnerability may allow remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Delta Electronics reports the following versions of DIAScreen, a software configuration tool for Delta devices, are affected:

• DIAScreen: versions prior to v1.3.2

3.2 Vulnerability Overview

3.2.1 Out-of-bounds Write CWE-787

Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process.

CVE-2023-5068 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Energy
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

kimiya working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.

4. MITIGATIONS

Delta Electronics has released a new version (v1.3.2) of DIAScreen to address this issue.
Users can download it at the download center of DIAStudio. (Login required)

CISA recommends users take the following measures to protect themselves from social engineering a

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.