PatchSiren

CVE-2026-0975 Delta Electronics CVE debrief

CVE-2026-0975 affects Delta Electronics DIAView and was published by CISA on 2026-01-22. The advisory says DIAView functions can execute shell commands within a project script. If an attacker gets a victim to run a project containing a malicious script, arbitrary code can be executed when that project starts. Delta recommends updating to DIAView v4.4 or later and following its security guidance for control-system environments.

Vendor: Delta Electronics
Product: DIAView
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-22
Original CVE updated: 2026-01-22
Advisory published: 2026-01-22
Advisory updated: 2026-01-22

Who should care

Organizations using Delta Electronics DIAView, especially OT/ICS operators, engineers, integrators, and anyone who opens or distributes DIAView project files.

Technical summary

The issue is triggered through a malicious project script. DIAView functions can execute shell commands from within a project script, so if a user is induced to open and run a crafted project, the script can achieve arbitrary code execution when the project starts. The advisory maps the issue to CWE-77 and assigns a high-severity CVSS 3.1 vector that requires user interaction.

Defensive priority

High. This is a user-triggered code-execution issue in an industrial control software product, so patching and access controls should be prioritized.

Recommended defensive actions

  • Update Delta Electronics DIAView to v4.4 or later as recommended by the vendor.
  • Review where DIAView projects come from and do not open untrusted or unsolicited project files.
  • Limit exposure of control systems to the Internet and isolate OT networks from business networks with firewalls.
  • Use a VPN or similarly secure access method for required remote access.
  • Follow Delta Electronics' advisory Delta-PCSA-2026-00002 and CISA ICS recommended practices.

Evidence notes

All statements are taken from the supplied CISA CSAF advisory metadata and referenced vendor remediation guidance. The advisory was initially published and last modified on 2026-01-22. No Known Exploited Vulnerabilities entry was provided in the corpus.

Official resources

CISA published the advisory on 2026-01-22. The supplied corpus shows the same date for publication and modification; no later update or KEV listing was included.