Delta Electronics Delta Industrial Automation DOPSoft DPS File InitialMacroLen Buffer Overflow Remote Code Execution

Vulnerability

A stack-based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file. The affected product is end-of-life and no specific version range is provided; all versions are presumed vulnerable. The vulnerability is triggered during the processing of a specially crafted DPS file [1].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by convincing a user to open a malicious DPS file. No additional privileges or network access beyond delivering the file are required. The attacker crafts a DPS file with an oversized InitialMacroLen value, which when parsed by DOPSoft causes a stack buffer overflow [1].

Impact

Successful exploitation results in remote code execution in the context of the DOPSoft application. The attacker can achieve arbitrary code execution, potentially leading to full compromise of the affected system [1].

Mitigation

The product is end-of-life and no patches are available. Users are advised to discontinue use of DOPSoft and migrate to a supported alternative. No workarounds are provided in the available references [1].