CVE-2023-5068
Published: 21 September 2023
Summary
CVE-2023-5068 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Deltaww Diascreen. Its CVSS base score is 7.8 (High).
Operationally, it is ranked at the 13.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
Deeper analysis
Delta Electronics DIAScreen contains an out-of-bounds write vulnerability when parsing specially crafted input files. The flaw, tracked as CVE-2023-5068 and assigned CWE-787, allows memory to be written past the end of an allocated buffer. It carries a CVSS 3.1 score of 7.8, reflecting a local attack vector, low complexity, and no required privileges, with user interaction required.
An attacker can exploit the issue by supplying a malicious file that a user opens in DIAScreen. Successful exploitation results in arbitrary code execution within the context of the current process on the affected workstation.
CISA advisory ICSA-23-264-03 and the vendor download pages at diastudio.deltaww.com provide the official notifications and any available software updates or workarounds for this industrial control systems product.
EPSS for the CVE rose sharply from a low baseline to a peak of 0.0909 on 2025-01-22 before receding, indicating that exploitation interest increased well after initial disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-57410
Vulnerability details
Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.