CVE-2023-0251 - Vulnerability Details - OpenCVE

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00102.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Delta Electronics

DIAScreen

unaffected

Version	Status	Constraints
`All versions`	affected	≤ 1.2.1.23

Configuration 1 [-]

cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors	Products
Deltaww Subscribe	Diascreen Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-12332	Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.

Fixes

Solution

Delta Electronics released version 1.3.0 of DIAScreen https://deltaiastudio.b2clogin.com/deltaiastudio.onmicrosoft.com/oauth2/v2.0/authorize (login required) and recommends users install this update on all affected systems.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-23-033-01

History

Thu, 16 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-02-08T22:47:40.716Z

Updated: 2025-01-16T21:57:37.048Z

Reserved: 2023-01-12T15:56:44.368Z

Link: CVE-2023-0251

Vulnrichment

Updated: 2024-08-02T05:02:44.084Z

NVD

Status : Modified

Published: 2023-02-08T23:15:11.353

Modified: 2024-11-21T07:36:50.143

Link: CVE-2023-0251

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0251", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-01-12T15:56:44.368Z", "datePublished": "2023-02-08T22:47:40.716Z", "dateUpdated": "2025-01-16T21:57:37.048Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DIAScreen", "vendor": "Delta Electronics", "versions": [{"lessThanOrEqual": "1.2.1.23", "status": "affected", "version": "All versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Natnael Samson (@NattiSamson)"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Trend Micro\u2019s Zero Day Initiative"}], "datePublic": "2023-02-02T16:47:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.</p>"}], "value": "Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-02-08T22:47:40.716Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-033-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta Electronics released </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://deltaiastudio.b2clogin.com/deltaiastudio.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_diastudiosigninup&client_id=9092aab8-5ccc-4a8a-a76a-59b00b7d0d52&redirect_uri=https%3a%2f%2fdiastudio.deltaww.com%2f&response_mode=form_post&response_type=id_token&scope=openid&state=OpenIdConnect.AuthenticationProperties%3dtSXw0hKpEQ9vkkvdbqbshwzywJBnOgHxqapYQrEFN1e07YOvSVHV4JuCnsD_u70KLfNuS1hKhM-fxE-PWfcOiK5DvJawVerhuz5N06I2xkJWLrZ0yh9PwixawgeMnt-gu8pNLCmqRH8jRkrirPp2XMz3lu8Qd1AmJGdk9xRhIziSEbdEjF0X8r2D4klk7yno&nonce=638084927799189443.NTVmNmFmNDMtYjNmMC00ZWY0LWI3ZjQtYzA0NTI0NTE5MTVmODE0MGU5ZGItNDhhMy00MDI5LTk4NWQtYzUxNjJkOGJiYmI1&ui_locales=en-US&x-client-SKU=ID_NET&x-client-ver=1.0.40306.1554#catalog\">version 1.3.0 of DIAScreen</a><span style=\"background-color: rgb(255, 255, 255);\"> (login required) and recommends users install this update on all affected systems. </span>\n\n<br>"}], "value": "\nDelta Electronics released version 1.3.0 of DIAScreen https://deltaiastudio.b2clogin.com/deltaiastudio.onmicrosoft.com/oauth2/v2.0/authorize \u00a0(login required) and recommends users install this update on all affected systems. \n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "CVE-2023-0251", "x_generator": {"engine": "VINCE 2.0.6", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-0251"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:44.084Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-033-01", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-16T20:31:49.020396Z", "id": "CVE-2023-0251", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T21:57:37.048Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-033-01", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:44.084Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0251", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-16T20:31:49.020396Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T20:31:50.706Z"}}], "cna": {"title": "CVE-2023-0251", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Natnael Samson (@NattiSamson)"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Trend Micro\u2019s Zero Day Initiative"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Delta Electronics", "product": "DIAScreen", "versions": [{"status": "affected", "version": "All versions", "versionType": "custom", "lessThanOrEqual": "1.2.1.23"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nDelta Electronics released version 1.3.0 of DIAScreen https://deltaiastudio.b2clogin.com/deltaiastudio.onmicrosoft.com/oauth2/v2.0/authorize \u00a0(login required) and recommends users install this update on all affected systems. \n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta Electronics released </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://deltaiastudio.b2clogin.com/deltaiastudio.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_diastudiosigninup&client_id=9092aab8-5ccc-4a8a-a76a-59b00b7d0d52&redirect_uri=https%3a%2f%2fdiastudio.deltaww.com%2f&response_mode=form_post&response_type=id_token&scope=openid&state=OpenIdConnect.AuthenticationProperties%3dtSXw0hKpEQ9vkkvdbqbshwzywJBnOgHxqapYQrEFN1e07YOvSVHV4JuCnsD_u70KLfNuS1hKhM-fxE-PWfcOiK5DvJawVerhuz5N06I2xkJWLrZ0yh9PwixawgeMnt-gu8pNLCmqRH8jRkrirPp2XMz3lu8Qd1AmJGdk9xRhIziSEbdEjF0X8r2D4klk7yno&nonce=638084927799189443.NTVmNmFmNDMtYjNmMC00ZWY0LWI3ZjQtYzA0NTI0NTE5MTVmODE0MGU5ZGItNDhhMy00MDI5LTk4NWQtYzUxNjJkOGJiYmI1&ui_locales=en-US&x-client-SKU=ID_NET&x-client-ver=1.0.40306.1554#catalog\">version 1.3.0 of DIAScreen</a><span style=\"background-color: rgb(255, 255, 255);\"> (login required) and recommends users install this update on all affected systems. </span>\n\n<br>", "base64": false}]}], "datePublic": "2023-02-02T16:47:00.000Z", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-033-01"}], "x_generator": {"env": "prod", "engine": "VINCE 2.0.6", "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-0251"}, "descriptions": [{"lang": "en", "value": "Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-02-08T22:47:40.716Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0251", "state": "PUBLISHED", "dateUpdated": "2025-01-16T21:57:37.048Z", "dateReserved": "2023-01-12T15:56:44.368Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-02-08T22:47:40.716Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}