Cyber Resilience

CVE-2023-5068

Severity: High

Published: 21 September 2023

Modified: 21 November 2024
KEV Added: not listed
Patch: see vendor download pages (diastudio.deltaww.com)
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (13.6th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-5068 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Delta Electronics DIAScreen. Its CVSS base score is 7.8 (High).

Operationally, its EPSS score places it at the 13.6th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

Delta Electronics DIAScreen contains an out-of-bounds write vulnerability when parsing specially crafted input files. The flaw, tracked as CVE-2023-5068 and classified as CWE-787, allows memory to be written past the end of an allocated buffer. It carries a CVSS 3.1 score of 7.8, reflecting a local attack vector, low attack complexity, no privileges required, and user interaction required (the victim must open the file).

An attacker can exploit the issue by supplying a malicious file that a user opens in DIAScreen. Successful exploitation results in arbitrary code execution within the context of the current process on the affected workstation.

CISA advisory ICSA-23-264-03 and the vendor download pages at diastudio.deltaww.com provide the official notifications and any available software updates or workarounds for this industrial control systems product.

EPSS for the CVE rose sharply from a low baseline to a peak of 0.0909 on 2025-01-22 before receding (the current score is 0.0004), indicating that exploitation interest increased well after initial disclosure.

Vulnerability details

Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process.

CWE(s)

CWE-787 (Out-of-bounds Write)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: deltaww
Product: diascreen
Versions: ≤ 1.3.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are mitigated by memory protections that mark writable data pages non-executable. Note that such protections block execution of injected code but do not prevent the out-of-bounds write itself, so they reduce rather than eliminate the risk.

References