CRITICAL🇵🇱 Wersja polska

CVE-2025-62581

CVSS 9.8v3.1pub. 2026-01-16upd. 2026-06-04

Delta Electronics DIAView has multiple vulnerabilities.

🤖 AI Analysis
How it works

The vulnerability is related to CWE-321, namely the use of a static, hardcoded cryptographic key embedded in the application. An attacker, knowing or reproducing such a key, can bypass authentication or encryption mechanisms implemented in the product. The attack can be conducted remotely, without authentication and without user interaction, which significantly lowers the entry threshold for a potential attacker.

Impact

An attacker can gain full control over the system — including confidentiality, integrity, and availability of data — which in an industrial environment (SCADA/HMI) can lead to disruption of production processes or their unauthorized modification.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references — detailed information is contained in the Delta Electronics security bulletin: Delta-PCSA-2026-00001 available in the manufacturer's file center.

Who is affected

Delta Electronics DIAView — versions indicated in the manufacturer's references (document Delta-PCSA-2026-00001)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Deltaww Diaview

    APP
    Deltaww
    < 4.4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-62582CRITICAL9.8PL ✓ten sam produkt

Brak uwierzytelnienia w Delta Electronics DIAView (CWE-306)

CVE-2026-0975HIGH7.8ten sam produkt

Delta Electronics DIAView has Command Injection vulnerability.

CVE-2026-1949CRITICAL9.8PL ✓ten sam vendor

Delta Electronics AS320T — błędna kalkulacja rozmiaru bufora w handlerze GET/PUT

CVE-2026-1950CRITICAL9.8PL ✓ten sam vendor

Delta Electronics AS320T — przepełnienie bufora stosu przez nazwę pliku

CVE-2026-1951CRITICAL9.8PL ✓ten sam vendor

Delta Electronics AS320T — przepełnienie bufora przez nazwę katalogu (stack-based buffer overflow)