Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability.
The vulnerability consists of a stack-based buffer overflow in the COMMGR2 application. An attacker can send specially crafted data to the vulnerable component, causing memory areas beyond the buffer boundaries to be overwritten. This can lead to hijacking control of program execution flow and executing arbitrary code.
An unauthenticated remote attacker can gain full control over the vulnerable system, including the ability to read and modify data and disrupt service availability (RCE). In industrial environments (OT/ICS), this could lead to disruption of automation processes.
Patches available from the manufacturer should be applied in accordance with the references — detailed information is contained in the document Delta-PCSA-2026-00005 available in the Delta Electronics file center (filecenter.deltaww.com).
Delta Electronics COMMGR2 — versions indicated in the manufacturer's references (document Delta-PCSA-2026-00005)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDeltaww Commgr2
APPDeltaww< 2.11.1
Related vulnerabilities
Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability.
Delta Electronics AS320T — przepełnienie bufora przez nazwę katalogu (stack-based buffer overflow)
Delta Electronics AS320T — błędna kalkulacja rozmiaru bufora w handlerze GET/PUT
Delta Electronics AS320T — przepełnienie bufora stosu przez nazwę pliku
Delta Electronics AS320T — DoS przez nieudokumentowaną subfunkcję