nessus
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
DELTA_DOPSOFT_CVE-2022-2966.NASL
Mar 21, 2023 - 12:00 a.m.

Delta DOPSoft All Versions Out-of-bounds Read Vulnerability

2023-03-21 00:00:00
www.tenable.com
delta dopsoft
out-of-bounds read
vulnerability
unauthorized information disclosure
cisa icsa-22-244-01 advisory
diascreen
diastudio

EPSS: 0.001
Percentile: 50.6%

Delta DOPSoft is installed on the remote host. It is, therefore, affected by vulnerabilities as referenced in the CISA ICSA-22-244-01 advisory.

  • Two out-of-bounds read conditions may occur due to the affected product not properly sanitizing input while processing specific project files, which may allow unauthorized information disclosure.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(173056);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/21");

  script_cve_id("CVE-2022-2966");

  script_name(english:"Delta DOPSoft All Versions Out-of-bounds Read Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"Delta DOPSoft installed on the remote host is affected by an Out-of-bounds Read vulnerability.");
  script_set_attribute(attribute:"description", value:
"Delta DOPSoft is installed on the remote host. It is, therefore, affected by vulnerabilities as referenced in
the CISA ICSA-22-244-01 advisory.

  - Two out-of-bounds read conditions may occur due to the affected product not properly sanitizing input while
    processing specific project files, which may allow unauthorized information disclosure. 

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/uscert/ics/advisories/icsa-22-244-01");
  script_set_attribute(attribute:"solution", value:
"DOPSoft 2 will not receive an update to mitigate these vulnerabilities because it is an end-of-life product.
Delta Electronics recommends users to switch to the replacement software when available.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N");  
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"manual");
  script_set_attribute(attribute:"cvss3_score_source", value:"manual");
  script_set_attribute(attribute:"cvss_score_rationale", value:"Score based on analysis of the vendor advisory.");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:deltaww:dopsoft");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("delta_dopsoft_win_installed.nbin");
  script_require_keys("installed_sw/Delta DOPSoft");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Delta DOPSoft', win_local:TRUE);

vcf::report_results(
  app_info:app_info,
  fix:'Migrate to DIAScreen in DIAStudio v1.1.2 or later.',
  severity:SECURITY_NOTE
);
