CVE-2021-38406
CISA KEVPublished August 25, 2022 · Updated April 3, 2026
high
Official Description+
Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution.
Affected Products
| Vendor | Product |
|---|---|
| Delta Electronics | DOPSoft 2 |
Patch Status
Patch by 2022-09-15
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2021-38406.