These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
This CVE represents a mitigation bypass and incomplete fix for CVE-2025-62582, an unauthenticated remote database access vulnerability affecting DIAView projects. The original vulnerability allowed unauthenticated remote attackers to access configured databases; this new CVE indicates that previous remediation efforts were insufficient. The vulnerability carries a CVSS 3.1 score of 9.8 (Critical), reflect [truncated]
CVE-2026-1361 affects Delta Electronics ASDA-Soft version 7.2.0.0 and is described by CISA as a stack-based buffer overflow in .par file parsing. The flaw stems from incorrect validation of a user-controlled size parameter against the local buffer limit, allowing writes past the end of the buffer. Delta states the issue is fixed in ASDA-Soft v7.2.2.0.
CVE-2026-0975 affects Delta Electronics DIAView and was published by CISA on 2026-01-22. The advisory says DIAView functions can execute shell commands within a project script. If an attacker gets a victim to run a project containing a malicious script, arbitrary code can be executed when that project starts. Delta recommends updating to DIAView v4.4 or later and following its security guidance for contro [truncated]
Delta Electronics DIAView contains multiple critical vulnerabilities that permit unauthenticated remote attackers to achieve full system compromise. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates network-exploitable, low-complexity attacks requiring no privileges or user interaction, resulting in complete confidentiality, integrity, and availability loss. The associated CWE-306 (Missi [truncated]
CVE-2025-53416 affects Delta Electronics DTN Soft versions 2.1.0 and earlier. CISA states that a specially crafted project file can trigger deserialization of untrusted data and may allow arbitrary code execution; the supplied CVSS v3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, which maps to a High severity score of 7.8. No KEV listing is included in the supplied data.
CVE-2025-53415 is a Delta Electronics DTM Soft issue affecting versions up to 1.6.0.0. According to the CISA CSAF advisory, the flaw is a deserialization of untrusted data condition that may allow an attacker to extract information. CISA published the advisory on 2025-07-10 and assigned a High CVSS score of 7.8. The supplied data does not place this issue in CISA’s Known Exploited Vulnerabilities catalog.
Delta Electronics CNCSoft contains an input-validation flaw affecting files opened by users. In the supplied advisory, a maliciously crafted file can trigger code execution in the context of the current process. Delta states the affected A-series CNC products have been discontinued, and no vendor fix is planned.
CVE-2025-47726 affects Delta Electronics CNCSoft <=v1.01.34. CISA says the product does not properly validate user-supplied files, and opening a maliciously crafted file can execute code in the context of the current process. Delta states CNCSoft is discontinued and no fix will be provided, so affected organizations should prioritize migration and tighten file-handling and OT exposure controls.
CVE-2025-47725 affects Delta Electronics CNCSoft and is rated High. According to CISA’s advisory, opening a maliciously crafted file can let an attacker execute code in the context of the current process. Delta says the affected A-series CNC products are discontinued and no fix is planned, so affected users should prioritize migration and exposure reduction.
CVE-2025-22884 is a high-severity vulnerability in Delta Electronics ISPSoft affecting version 3.19 and earlier. According to the CISA CSAF advisory, a stack-based buffer overflow can occur while parsing DVP files and may allow arbitrary code execution. Delta recommends updating to ISPSoft v3.21 or later.
CVE-2025-22883 affects Delta Electronics ISPSoft versions 3.19 and prior. According to the CISA CSAF advisory, the issue is an out-of-bounds write that can allow arbitrary code execution when ISPSoft parses DVP files. Delta recommends updating to ISPSoft v3.21 or later. This is a high-severity issue (CVSS 7.8) and is especially important for environments where engineering workstations routinely open DVP f [truncated]
Delta Electronics ISPSoft versions 3.19 and earlier are affected by a stack-based buffer overflow that can be triggered while parsing CBDGL files. According to the advisory, the flaw may let an attacker leverage debugging logic to execute arbitrary code. Delta recommends upgrading to ISPSoft v3.21 or later.
Delta Electronics COMMGR is affected by a critical authentication weakness caused by insufficiently randomized session IDs. According to the CISA advisory, an attacker could brute force a session ID and then load and execute arbitrary code. The advisory lists COMMGR Version 1 as end-of-life and indicates a fixed release is available in COMMGR v2.10.0.
Delta Electronics CNCSoft-G2 is affected by a heap-based buffer overflow caused by insufficient validation of user-supplied data length before copying into a fixed-length heap buffer. According to the advisory, an attacker can manipulate a user into visiting a malicious page or opening a malicious file, which may allow code execution in the context of the current process. Delta identifies affected version [truncated]
Delta Electronics DRASimuCAD contains a type confusion vulnerability that allows specially crafted files to supply data of an unexpected type when the program opens files. This vulnerability affects DRASimuCAD versions 1.02.00.00 and earlier. The issue was disclosed by CISA on January 9, 2025, with an update published on January 16, 2025 indicating that a vendor patch became available. The vulnerability r [truncated]
CVE-2024-12835 is a high-severity buffer overflow vulnerability in Delta Electronics DRASimuCAD, an industrial automation simulation software. The flaw exists in versions 1.02.00.00 and earlier, where opening a specially crafted file can force the program to write data outside its intended buffer boundary. This out-of-bounds write condition enables code execution with the privileges of the logged-in user. [truncated]
Delta Electronics DRASimuCAD contains a type confusion vulnerability that allows specially crafted files to supply incorrect data types during file opening operations. The vulnerability, published on January 9, 2025, and updated on January 16, 2025, affects DRASimuCAD versions 1.02.00.00 and earlier. The CVSS 3.1 score of 7.8 (HIGH) reflects local attack vector with low attack complexity, no privileges re [truncated]
Delta Electronics DTM Soft contains an insecure deserialization vulnerability that could allow an attacker to execute arbitrary code. The affected product is DTM Soft version 1.30 and earlier. CISA published advisory ICSA-24-354-03 on December 19, 2024, assigning this vulnerability a CVSS 3.1 score of 7.8 (HIGH). The vulnerability requires local access and user interaction, but successful exploitation res [truncated]
A stack-based buffer overflow vulnerability in Delta Electronics DIAScreen's BACnetObjectInfo function allows remote code execution when a user opens a maliciously crafted file. The vulnerability requires user interaction—an attacker must trick a valid user into running the application with a malicious file. Successful exploitation grants the attacker arbitrary code execution with the privileges of the us [truncated]
CVE-2024-39605 is a stack-based buffer overflow vulnerability in Delta Electronics DIAScreen, an industrial control system HMI/SCADA software. The flaw exists in the BACnetParameter component and can be exploited when a valid user is tricked into opening a maliciously crafted file. Successful exploitation allows remote code execution with the privileges of the user running the application. The vulnerabili [truncated]
A stack-based buffer overflow vulnerability exists in Delta Electronics DIAScreen versions prior to 1.5.0. The flaw resides in the CEtherIPTagItem component and can be triggered when a valid user opens a maliciously crafted file. Successful exploitation enables remote code execution with the privileges of the user running the application. The vulnerability requires user interaction (opening a malicious fi [truncated]
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 contain a critical deserialization vulnerability in the Device-Gateway component. The flaw allows unauthenticated remote attackers to deserialize arbitrary .NET objects, leading to remote code execution. This vulnerability is particularly severe as it requires no authentication and can be exploited remotely over the network. The vulnerabi [truncated]
A use of uninitialized memory vulnerability in Delta Electronics CNCSoft-G2 allows remote attackers to execute arbitrary code in the context of the current process through social engineering. The vulnerability, published October 10, 2024, affects version 2.1.0.10 and is rated HIGH severity (CVSS 7.8). Attackers can exploit this by manipulating users into visiting malicious pages or opening malicious files [truncated]
CVE-2024-47965 is a high-severity out-of-bounds read vulnerability in Delta Electronics CNCSoft-G2 version 2.1.0.10, published by CISA on October 10, 2024. The flaw stems from improper validation of user-supplied data, allowing an attacker to read past the end of an allocated buffer. Successful exploitation requires user interaction—specifically, tricking a user into visiting a malicious page or opening a [truncated]
CVE-2024-47964 is a heap-based buffer overflow vulnerability in Delta Electronics CNCSoft-G2 version 2.1.0.10, published by CISA on October 10, 2024. The flaw stems from improper validation of user-supplied data length before copying to a fixed-length heap buffer. An attacker can exploit this via social engineering—manipulating users to visit a malicious page or open a malicious file—to achieve code execu [truncated]
Delta Electronics CNCSoft-G2 contains an out-of-bounds write vulnerability due to improper validation of user-supplied data. The flaw, published on 2024-10-10, allows an attacker to execute arbitrary code in the context of the current process by convincing a user to open a malicious file or visit a malicious page. The vulnerability affects CNCSoft-G2 version 2.1.0.10 and is rated HIGH severity with a CVSS [truncated]
A stack-based buffer overflow vulnerability in Delta Electronics CNCSoft-G2 version 2.1.0.10 allows code execution through user interaction with malicious content. The flaw stems from improper length validation when copying user-supplied data to a fixed-length stack buffer. An attacker can leverage social engineering to manipulate an insider into visiting a malicious page or opening a malicious file, resu [truncated]
The Delta Electronics DIAEnergie industrial energy management system contains a critical SQL injection vulnerability in the AM_RegReport.aspx script. The flaw allows unauthenticated remote attackers to extract database records. CISA published advisory ICSA-24-277-03 on October 3, 2024, documenting this vulnerability with a CVSS 3.1 score of 9.8 (Critical). The affected product is DIAEne [truncated]
Delta Electronics DIAEnergie versions up to and including v1.10.01.008 contain an authenticated SQL injection vulnerability in the Handler_CFG.ashx script. An attacker with valid credentials can exploit this flaw to inject malicious SQL commands, potentially causing operational delays in the targeted industrial control system. The vulnerability carries a HIGH severity CVSS 3.1 score of 8.8, reflecting sig [truncated]
Delta Electronics DTN Soft versions 2.0.1 and prior contain a deserialization of untrusted data vulnerability that can lead to remote code execution. The vulnerability was disclosed by CISA on August 29, 2024, with a CVSS 3.1 score of 7.8 (HIGH). The attack vector is local, requiring user interaction but no privileges, and can result in complete confidentiality, integrity, and availability compromise of t [truncated]
A stack-based buffer overflow vulnerability in Delta Electronics DIAScreen allows arbitrary code execution when processing maliciously crafted DPA files. The vulnerability, published 2024-08-06, carries a HIGH severity CVSS 7.8 score and requires local access with user interaction. Delta Electronics has released version 1.4.2 to address this issue.
Delta Electronics CNCSoft-G2 Version 2.1.0.10 and prior contains a heap-based buffer overflow vulnerability due to improper validation of user-supplied data length before copying to a fixed-length buffer. This vulnerability allows remote code execution in the context of the current process when a target visits a malicious page or opens a malicious file. The vulnerability was initially disclosed on July 9, [truncated]
Delta Electronics CNCSoft-G2 contains a heap-based buffer overflow vulnerability due to improper validation of user-supplied data length before copying to a fixed-length buffer. An attacker can exploit this by convincing a target to visit a malicious page or open a malicious file, resulting in arbitrary code execution in the context of the current process. The vulnerability affects CNCSoft-G2 version 2.0. [truncated]
Delta Electronics CNCSoft-G2 contains an out-of-bounds read vulnerability due to improper validation of user-supplied data. The flaw exists in version 2.0.0.5 and can be triggered when a target visits a malicious page or opens a malicious file, potentially allowing an attacker to execute arbitrary code within the context of the current process. CISA published the initial advisory on July 9, 2024, with an [truncated]
Delta Electronics CNCSoft-G2 contains a memory corruption vulnerability due to improper validation of user-supplied data. An attacker can exploit this flaw by convincing a target to visit a malicious web page or open a malicious file, resulting in arbitrary code execution within the context of the current process. The vulnerability affects CNCSoft-G2 version 2.0.0.5. CISA published the initial advisory on [truncated]
Delta Electronics CNCSoft-G2 contains a stack-based buffer overflow vulnerability due to improper validation of user-supplied data length before copying to a fixed-length buffer. An attacker can exploit this by convincing a target to visit a malicious page or open a malicious file, resulting in arbitrary code execution in the context of the current process. This vulnerability affects CNCSoft-G2 version 2. [truncated]
Delta Electronics DIAEnergie v1.10.00.005 contains a path traversal vulnerability due to insufficient input validation. An authenticated attacker with low privileges can exploit this flaw to write files outside the intended directory, with the additional risk of overwriting existing files on the target system. The vulnerability carries a HIGH severity CVSS 3.1 score of 8.8, reflecting significant confiden [truncated]
Delta Electronics DIAEnergie contains an authenticated SQL injection vulnerability in the GetDIACloudList endpoint that could allow complete system compromise. The vulnerability was disclosed by CISA on May 2, 2024, with a CVSS 3.1 score of 8.8 (HIGH). Affected versions include DIAEnergie v1.10.00.005. The vendor has released a patched version.
Delta Electronics DIAEnergie v1.10.00.005 contains an authenticated SQL injection vulnerability in the Handler_CFG.ashx script. An attacker with valid credentials can exploit this flaw to potentially compromise the underlying system. The vulnerability was disclosed by CISA on May 2, 2024, with a CVSS 3.1 score of 8.8 (High severity). A vendor fix is available in version v1.10.01.004.
Delta Electronics CNCSoft-G2 versions 2.1.0.27 and earlier contain a file parsing vulnerability that allows arbitrary code execution when a user opens a malicious file. The flaw stems from improper validation of user-supplied files, enabling attackers to execute code within the context of the current process. This vulnerability was initially disclosed on April 30, 2024, and subsequently updated on October [truncated]
Delta Electronics CNCSoft-G2 contains a stack-based buffer overflow vulnerability due to improper validation of user-supplied data length before copying to a fixed-length buffer. The attack vector is local, and exploitation allows code execution in the context of the current process. The vulnerability was disclosed in April 2024 and updated in October 2025 to reflect modified affected products and mitigations. Affected versi [truncated]
CVE-2021-38406 affects Delta Electronics DOPSoft 2 and is included in CISA’s Known Exploited Vulnerabilities catalog, which indicates it is a vulnerability of active defensive concern. CISA’s supplied note says the impacted product is end-of-life and should be disconnected if still in use. For organizations that still rely on DOPSoft 2, the safest response is to treat this as an urgent remediation item an [truncated]
CVE-2016-5805 covers multiple heap-based buffer overflow conditions in Delta Electronics engineering software. According to the NVD record, WPLSoft versions prior to V2.42.11, ISPSoft versions prior to 3.02.11, and PMSoft versions prior to 2.10.10 are affected. The reported impact is that malicious files may trigger arbitrary code execution or a denial of service. NVD rates the issue HIGH with a CVSS 3.0 [truncated]
CVE-2016-5802 affects Delta Electronics WPLSoft, ISPSoft, and PMSoft versions prior to the vendor-fixed releases. NVD describes multiple out-of-bounds write conditions that may allow malicious files to be read and executed by the affected software. The published CVSS 3.0 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a local, user-interaction-dependent issue with high impact if triggered.