Delta Electronics DIAView has multiple vulnerabilities.
The vulnerability is related to CWE-321, namely the use of a static, hardcoded cryptographic key embedded in the application. An attacker, knowing or reproducing such a key, can bypass authentication or encryption mechanisms implemented in the product. The attack can be conducted remotely, without authentication and without user interaction, which significantly lowers the entry threshold for a potential attacker.
An attacker can gain full control over the system — including confidentiality, integrity, and availability of data — which in an industrial environment (SCADA/HMI) can lead to disruption of production processes or their unauthorized modification.
Patches available from the manufacturer should be applied in accordance with the references — detailed information is contained in the Delta Electronics security bulletin: Delta-PCSA-2026-00001 available in the manufacturer's file center.
Delta Electronics DIAView — versions indicated in the manufacturer's references (document Delta-PCSA-2026-00001)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDeltaww Diaview
APPDeltaww< 4.4.0
Related vulnerabilities
Brak uwierzytelnienia w Delta Electronics DIAView (CWE-306)
Delta Electronics DIAView has Command Injection vulnerability.
Delta Electronics AS320T — błędna kalkulacja rozmiaru bufora w handlerze GET/PUT
Delta Electronics AS320T — przepełnienie bufora stosu przez nazwę pliku
Delta Electronics AS320T — przepełnienie bufora przez nazwę katalogu (stack-based buffer overflow)