CRITICAL🇵🇱 Wersja polska

CVE-2026-3630

CVSS 9.8v3.1pub. 2026-03-09upd. 2026-03-10

Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability.

🤖 AI Analysis
How it works

The vulnerability consists of a stack-based buffer overflow in the COMMGR2 application. An attacker can send specially crafted data to the vulnerable component, causing memory areas beyond the buffer boundaries to be overwritten. This can lead to hijacking control of program execution flow and executing arbitrary code.

Impact

An unauthenticated remote attacker can gain full control over the vulnerable system, including the ability to read and modify data and disrupt service availability (RCE). In industrial environments (OT/ICS), this could lead to disruption of automation processes.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references — detailed information is contained in the document Delta-PCSA-2026-00005 available in the Delta Electronics file center (filecenter.deltaww.com).

Who is affected

Delta Electronics COMMGR2 — versions indicated in the manufacturer's references (document Delta-PCSA-2026-00005)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Deltaww Commgr2

    APP
    Deltaww
    < 2.11.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-3631HIGH7.5ten sam produkt

Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability.

CVE-2026-1951CRITICAL9.8PL ✓ten sam vendor

Delta Electronics AS320T — przepełnienie bufora przez nazwę katalogu (stack-based buffer overflow)

CVE-2026-1949CRITICAL9.8PL ✓ten sam vendor

Delta Electronics AS320T — błędna kalkulacja rozmiaru bufora w handlerze GET/PUT

CVE-2026-1950CRITICAL9.8PL ✓ten sam vendor

Delta Electronics AS320T — przepełnienie bufora stosu przez nazwę pliku

CVE-2026-1952CRITICAL9.8PL ✓ten sam vendor

Delta Electronics AS320T — DoS przez nieudokumentowaną subfunkcję