Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    452 vulnerabilities by Delta Electronics

    CVE-2026-9642 (GCVE-0-2026-9642)

    Vulnerability from nvd – Published: 2026-05-26 19:36 – Updated: 2026-06-03 14:52
    VLAI

    This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-06-03T14:52:28.257Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
                }
              ],
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-9642",
        "datePublished": "2026-05-26T19:36:56.398Z",
        "dateRejected": "2026-06-03T14:52:28.257Z",
        "dateReserved": "2026-05-26T18:53:00.748Z",
        "dateUpdated": "2026-06-03T14:52:28.257Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1361 (GCVE-0-2026-1361)

    Vulnerability from nvd – Published: 2026-01-27 03:11 – Updated: 2026-01-27 14:20
    VLAI
    Title
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    Summary
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics ASDA-Soft Affected: 0 , ≤ 7.2.0.0 (custom)
    Create a notification for this product.
    Date Public
    2026-01-27 02:25
    Credits
    CISA Zero Day Initiative (ZDI)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1361",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T14:19:01.437868Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T14:20:21.194Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "ASDA-Soft",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zero Day Initiative (ZDI)"
            }
          ],
          "datePublic": "2026-01-27T02:25:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
                }
              ],
              "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-27T03:11:57.514Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00003_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2026-1361).pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Download and update to: ASDA-Soft v7.2.2.0 or later (Delta Download Center)\u003cbr\u003e"
                }
              ],
              "value": "Download and update to: ASDA-Soft v7.2.2.0 or later (Delta Download Center)"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ASDA-Soft Stack-based Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2026-1361",
        "datePublished": "2026-01-27T03:11:57.514Z",
        "dateReserved": "2026-01-23T00:59:14.367Z",
        "dateUpdated": "2026-01-27T14:20:21.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0975 (GCVE-0-2026-0975)

    Vulnerability from nvd – Published: 2026-01-16 06:01 – Updated: 2026-01-16 14:00
    VLAI
    Title
    DIAView - Command Injection Vulnerability
    Summary
    Delta Electronics DIAView has Command Injection vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DIAView Affected: 0 , ≤ 4.2.0 (custom)
    Create a notification for this product.
    Date Public
    2026-01-15 02:22
    Credits
    CISA ZDI
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T14:00:42.754921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T14:00:54.208Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "DIAView",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "4.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "ZDI"
            }
          ],
          "datePublic": "2026-01-15T02:22:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DIAView has Command Injection vulnerability."
                }
              ],
              "value": "Delta Electronics DIAView has Command Injection vulnerability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-19",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-19 Embedding Scripts within Scripts"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-16T06:01:59.903Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00002_DIAView%20-Exposed%20Dangerous%20Method%20Remote%20Code%20Execution%20(CVE-2026-0975).pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please download and upgrade DIAView to v4.4 or later."
                }
              ],
              "value": "Please download and upgrade DIAView to v4.4 or later."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DIAView - Command Injection Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2026-0975",
        "datePublished": "2026-01-16T06:01:59.903Z",
        "dateReserved": "2026-01-15T02:06:19.402Z",
        "dateUpdated": "2026-01-16T14:00:54.208Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62582 (GCVE-0-2025-62582)

    Vulnerability from nvd – Published: 2026-01-16 02:03 – Updated: 2026-06-04 14:58
    VLAI
    Title
    DIAView - Authentication Bypass Vulnerability
    Summary
    Delta Electronics DIAView has multiple vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DIAView Affected: 0 (custom)
    Create a notification for this product.
    Date Public
    2026-05-29 02:05
    Credits
    Tenable
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62582",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T14:58:50.380214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T14:58:57.163Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "DIAView",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:delta_electronics:diaview:0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Tenable"
            }
          ],
          "datePublic": "2026-05-29T02:05:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DIAView has multiple vulnerabilities."
                }
              ],
              "value": "Delta Electronics DIAView has multiple vulnerabilities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL - v4.3.1 and prior"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL - v4.4.0 and later (Architectural Hardening)"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T08:26:58.695Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00008_DIAView%20Missing%20Authentication%20for%20Critical%20Function%20(CVE-2025-62582)_v1.1.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please\ndownload and upgrade DIAView to v4.4 or later.\u003cbr\u003e\nIn addition, to prevent a potential verification bypass on the database under\nsophisticated technical analysis, users are strongly advised to enforce\nfirewall isolation to\ncompletely restrict unauthorized remote access to the database."
                }
              ],
              "value": "Please\ndownload and upgrade DIAView to v4.4 or later.\n\nIn addition, to prevent a potential verification bypass on the database under\nsophisticated technical analysis, users are strongly advised to enforce\nfirewall isolation to\ncompletely restrict unauthorized remote access to the database."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DIAView - Authentication Bypass Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-62582",
        "datePublished": "2026-01-16T02:03:22.030Z",
        "dateReserved": "2025-10-16T01:07:48.959Z",
        "dateUpdated": "2026-06-04T14:58:57.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62581 (GCVE-0-2025-62581)

    Vulnerability from nvd – Published: 2026-01-16 02:20 – Updated: 2026-06-04 08:28
    VLAI
    Title
    DIAView - Authentication Bypass Vulnerability
    Summary
    Delta Electronics DIAView has multiple vulnerabilities.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DIAView Affected: 0 , ≤ 4.3.1 (custom)
    Create a notification for this product.
    Date Public
    2026-01-15 02:22
    Credits
    Tenable
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62581",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T14:49:07.304617Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T14:49:48.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "DIAView",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Tenable"
            }
          ],
          "datePublic": "2026-01-15T02:22:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DIAView has multiple vulnerabilities."
                }
              ],
              "value": "Delta Electronics DIAView has multiple vulnerabilities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-196",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-196: Session Credential Falsification through Forging"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T08:28:41.892Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00001_DIAView%20Use%20of%20Hard-coded%20Cryptographic%20Key%20(CVE-2025-62581)_v1.1.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please download and upgrade DIAView to v4.4 or later."
                }
              ],
              "value": "Please download and upgrade DIAView to v4.4 or later."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DIAView - Authentication Bypass Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-62581",
        "datePublished": "2026-01-16T02:20:04.063Z",
        "dateReserved": "2025-10-16T01:07:48.959Z",
        "dateUpdated": "2026-06-04T08:28:41.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15359 (GCVE-0-2025-15359)

    Vulnerability from nvd – Published: 2025-12-30 09:07 – Updated: 2025-12-30 15:56
    VLAI
    Title
    DVP-12SE11T - Out-of-bound memory write Vulnerability
    Summary
    DVP-12SE11T - Out-of-bound memory write Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP-12SE11T Affected: 0 , < 2.16 (custom)
    Create a notification for this product.
    Date Public
    2025-12-30 08:30
    Credits
    Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15359",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T13:46:50.702093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T15:56:55.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP-12SE11T",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "2.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"
            }
          ],
          "datePublic": "2025-12-30T08:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DVP-12SE11T - Out-of-bound memory write Vulnerability\u003cbr\u003e"
                }
              ],
              "value": "DVP-12SE11T - Out-of-bound memory write Vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T09:07:49.210Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade firmware to v2.16 or later"
                }
              ],
              "value": "Upgrade firmware to v2.16 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DVP-12SE11T - Out-of-bound memory write Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-15359",
        "datePublished": "2025-12-30T09:07:04.319Z",
        "dateReserved": "2025-12-30T07:32:14.455Z",
        "dateUpdated": "2025-12-30T15:56:55.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15358 (GCVE-0-2025-15358)

    Vulnerability from nvd – Published: 2025-12-30 09:04 – Updated: 2025-12-30 15:57
    VLAI
    Title
    DVP-12SE11T - Denial of Service Vulnerability
    Summary
    DVP-12SE11T - Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP-12SE11T Affected: 0 , < 2.16 (custom)
    Create a notification for this product.
    Date Public
    2025-12-30 08:30
    Credits
    Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T13:47:02.875652Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T15:57:00.870Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP-12SE11T",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "2.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"
            }
          ],
          "datePublic": "2025-12-30T08:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DVP-12SE11T - Denial of Service Vulnerability\u003cbr\u003e"
                }
              ],
              "value": "DVP-12SE11T - Denial of Service Vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T09:04:41.325Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade firmware to v2.16 or later"
                }
              ],
              "value": "Upgrade firmware to v2.16 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DVP-12SE11T - Denial of Service Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-15358",
        "datePublished": "2025-12-30T09:04:41.325Z",
        "dateReserved": "2025-12-30T07:32:10.511Z",
        "dateUpdated": "2025-12-30T15:57:00.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15103 (GCVE-0-2025-15103)

    Vulnerability from nvd – Published: 2025-12-30 08:55 – Updated: 2025-12-30 15:57
    VLAI
    Title
    DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
    Summary
    DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP-12SE11T Affected: 0 , < 2.16 (custom)
    Create a notification for this product.
    Date Public
    2025-12-30 08:30
    Credits
    Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15103",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T13:47:11.557973Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T15:57:07.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP-12SE11T",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "2.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"
            }
          ],
          "datePublic": "2025-12-30T08:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure\u003cbr\u003e"
                }
              ],
              "value": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T08:55:49.441Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade firmware to v2.16 or later"
                }
              ],
              "value": "Upgrade firmware to v2.16 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-15103",
        "datePublished": "2025-12-30T08:55:49.441Z",
        "dateReserved": "2025-12-26T03:25:51.691Z",
        "dateUpdated": "2025-12-30T15:57:07.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15102 (GCVE-0-2025-15102)

    Vulnerability from nvd – Published: 2025-12-30 08:48 – Updated: 2025-12-30 15:57
    VLAI
    Title
    DVP-12SE11T - Password Protection Bypass
    Summary
    DVP-12SE11T - Password Protection Bypass
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP-12SE11T Affected: 0 , < 2.16 (custom)
    Create a notification for this product.
    Date Public
    2025-12-30 08:30
    Credits
    Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15102",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T13:47:30.681140Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T15:57:12.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP-12SE11T",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "2.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"
            }
          ],
          "datePublic": "2025-12-30T08:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DVP-12SE11T - Password Protection Bypass\u003cbr\u003e"
                }
              ],
              "value": "DVP-12SE11T - Password Protection Bypass"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T08:48:31.567Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\u003cbr\u003eWe recommend that users take the following security precautions:\u003cbr\u003e\u0026gt; Utilize the Product\u0027s IP Whitelisting Feature: Employ the device\u0027s built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\u003cbr\u003e\u0026gt; Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\u003cbr\u003e\u0026gt; Utilize industrial firewalls to monitor Modbus/TCP traffic\u003cbr\u003e"
                }
              ],
              "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\nWe recommend that users take the following security precautions:\n\u003e Utilize the Product\u0027s IP Whitelisting Feature: Employ the device\u0027s built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\n\u003e Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\n\u003e Utilize industrial firewalls to monitor Modbus/TCP traffic"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DVP-12SE11T - Password Protection Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-15102",
        "datePublished": "2025-12-30T08:48:31.567Z",
        "dateReserved": "2025-12-26T03:25:49.157Z",
        "dateUpdated": "2025-12-30T15:57:12.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62578 (GCVE-0-2025-62578)

    Vulnerability from nvd – Published: 2025-12-26 06:05 – Updated: 2025-12-29 00:57
    VLAI
    Title
    DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information
    Summary
    DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP-12SE Affected: 0 , ≤ * (custom)
    Create a notification for this product.
    Date Public
    2025-12-26 05:30
    Credits
    Praneeta Krishnaprasad Maganti of BITS Pilani, Hyderabad Campus Rajib Ranjan Maiti of BITS Pilani, Hyderabad Campus
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62578",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-26T15:53:11.879652Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-26T15:53:17.972Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP-12SE",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Praneeta Krishnaprasad Maganti of BITS Pilani, Hyderabad Campus"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Rajib Ranjan Maiti of BITS Pilani, Hyderabad Campus"
            }
          ],
          "datePublic": "2025-12-26T05:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information\u003cbr\u003e"
                }
              ],
              "value": "DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-157",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-157 Sniffing Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T00:57:42.778Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00021_DVP-12SE%20ModbusTCP%20Cleartext%20Transmission%20of%20Sensitive%20Info.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\u003cbr\u003eWe recommend that users take the following security precautions:\u003cbr\u003e\u0026gt; Utilize the Product\u0027s IP Whitelisting Feature: Employ the device\u0027s built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\u003cbr\u003e\u0026gt; Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\u003cbr\u003e\u0026gt; Utilize industrial firewalls to monitor Modbus/TCP traffic\u003cbr\u003e"
                }
              ],
              "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\nWe recommend that users take the following security precautions:\n\u003e Utilize the Product\u0027s IP Whitelisting Feature: Employ the device\u0027s built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\n\u003e Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\n\u003e Utilize industrial firewalls to monitor Modbus/TCP traffic"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-62578",
        "datePublished": "2025-12-26T06:05:01.035Z",
        "dateReserved": "2025-10-16T01:07:48.958Z",
        "dateUpdated": "2025-12-29T00:57:42.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59301 (GCVE-0-2025-59301)

    Vulnerability from nvd – Published: 2025-12-22 02:56 – Updated: 2025-12-22 15:08
    VLAI
    Title
    Modbus/TCP Dos Vulnerability in DVP15MC11T
    Summary
    Delta Electronics DVP15MC11T lacks proper validation of the modbus/tcp packets and can lead to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP15MC11T Affected: 0 , < 1.16.0 (custom)
    Create a notification for this product.
    Date Public
    2025-12-22 01:55
    Credits
    CNVD
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59301",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-22T15:08:28.777409Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-22T15:08:55.949Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP15MC11T",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CNVD"
            }
          ],
          "datePublic": "2025-12-22T01:55:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DVP15MC11T\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the modbus/tcp packets and can lead to denial of service.\u003c/span\u003e"
                }
              ],
              "value": "Delta Electronics DVP15MC11T\u00a0lacks proper validation of the modbus/tcp packets and can lead to denial of service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-22T02:56:42.733Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00020_DVP15MC11T%20Modbus%20TCP%20DoS%20Vulnerability.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade firmware to v1.16.0 or later\u003cbr\u003e"
                }
              ],
              "value": "Upgrade firmware to v1.16.0 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Modbus/TCP Dos Vulnerability in DVP15MC11T",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-59301",
        "datePublished": "2025-12-22T02:56:42.733Z",
        "dateReserved": "2025-09-12T01:31:46.229Z",
        "dateUpdated": "2025-12-22T15:08:55.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62580 (GCVE-0-2025-62580)

    Vulnerability from nvd – Published: 2025-10-16 01:33 – Updated: 2025-10-21 08:41
    VLAI
    Title
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    Summary
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics ASDA-Soft Affected: 0 , ≤ 7.0.2.0 (custom)
    Create a notification for this product.
    Date Public
    2025-10-16 01:25
    Credits
    Guillaume Orlando working with Trend Micro Zero Day Initiative CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62580",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T14:37:51.915792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T14:37:59.205Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "ASDA-Soft",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Guillaume Orlando working with Trend Micro Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            }
          ],
          "datePublic": "2025-10-16T01:25:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
                }
              ],
              "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-21T08:41:46.790Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00019_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Download and update to: v7.1.1.0 or later\u003cbr\u003e"
                }
              ],
              "value": "Download and update to: v7.1.1.0 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ASDA-Soft Stack-based Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-62580",
        "datePublished": "2025-10-16T01:33:35.691Z",
        "dateReserved": "2025-10-16T01:07:48.959Z",
        "dateUpdated": "2025-10-21T08:41:46.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-62579 (GCVE-0-2025-62579)

    Vulnerability from nvd – Published: 2025-10-16 01:31 – Updated: 2025-10-21 08:41
    VLAI
    Title
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    Summary
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics ASDA-Soft Affected: 0 , ≤ 7.0.2.0 (custom)
    Create a notification for this product.
    Date Public
    2025-10-16 01:25
    Credits
    Guillaume Orlando working with Trend Micro Zero Day Initiative CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T14:38:07.849545Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T14:38:15.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "ASDA-Soft",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Guillaume Orlando working with Trend Micro Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            }
          ],
          "datePublic": "2025-10-16T01:25:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
                }
              ],
              "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-21T08:41:23.980Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00019_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Download and update to: v7.1.1.0 or later\u003cbr\u003e"
                }
              ],
              "value": "Download and update to: v7.1.1.0 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ASDA-Soft Stack-based Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-62579",
        "datePublished": "2025-10-16T01:31:38.135Z",
        "dateReserved": "2025-10-16T01:07:48.959Z",
        "dateUpdated": "2025-10-21T08:41:23.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59300 (GCVE-0-2025-59300)

    Vulnerability from nvd – Published: 2025-10-03 02:24 – Updated: 2025-10-07 01:04
    VLAI
    Title
    File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen
    Summary
    Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DIAScreen Affected: 0 , < 1.6.1 (custom)
    Create a notification for this product.
    Date Public
    2025-10-03 01:55
    Credits
    Natnael Samson working with Trend Micro Zero Day Initiative CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-03T15:53:47.570951Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-03T15:54:04.106Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "DIAScreen",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "1.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Natnael Samson working with Trend Micro Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            }
          ],
          "datePublic": "2025-10-03T01:55:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DIAScreen\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
                }
              ],
              "value": "Delta Electronics DIAScreen\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-Of-Bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-07T01:04:20.201Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00018_DIAScreen%20File%20Parsing%20Out-Of-Bounds%20Write%20Vulnerability.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Download and update to DIAScreen v1.6.1 or later\u003cbr\u003e"
                }
              ],
              "value": "Download and update to DIAScreen v1.6.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-59300",
        "datePublished": "2025-10-03T02:24:40.509Z",
        "dateReserved": "2025-09-12T01:31:46.229Z",
        "dateUpdated": "2025-10-07T01:04:20.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59299 (GCVE-0-2025-59299)

    Vulnerability from nvd – Published: 2025-10-03 02:24 – Updated: 2025-10-07 01:04
    VLAI
    Title
    File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen
    Summary
    Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DIAScreen Affected: 0 , < 1.6.1 (custom)
    Create a notification for this product.
    Date Public
    2025-10-03 01:55
    Credits
    Natnael Samson working with Trend Micro Zero Day Initiative CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-03T15:52:30.364652Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-03T15:52:54.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "DIAScreen",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "1.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Natnael Samson working with Trend Micro Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            }
          ],
          "datePublic": "2025-10-03T01:55:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DIAScreen\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
                }
              ],
              "value": "Delta Electronics DIAScreen\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-Of-Bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-07T01:04:04.708Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00018_DIAScreen%20File%20Parsing%20Out-Of-Bounds%20Write%20Vulnerability.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Download and update to DIAScreen v1.6.1 or later\u003cbr\u003e"
                }
              ],
              "value": "Download and update to DIAScreen v1.6.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-59299",
        "datePublished": "2025-10-03T02:24:30.081Z",
        "dateReserved": "2025-09-12T01:31:46.229Z",
        "dateUpdated": "2025-10-07T01:04:04.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59298 (GCVE-0-2025-59298)

    Vulnerability from nvd – Published: 2025-10-03 02:22 – Updated: 2025-10-07 01:03
    VLAI
    Title
    File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen
    Summary
    Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DIAScreen Affected: 0 , < 1.6.1 (custom)
    Create a notification for this product.
    Date Public
    2025-10-03 01:55
    Credits
    Natnael Samson working with Trend Micro Zero Day Initiative CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59298",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-03T15:51:24.286034Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-03T15:52:13.147Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "DIAScreen",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "1.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Natnael Samson working with Trend Micro Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            }
          ],
          "datePublic": "2025-10-03T01:55:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DIAScreen\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
                }
              ],
              "value": "Delta Electronics DIAScreen\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-Of-Bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-07T01:03:48.728Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00018_DIAScreen%20File%20Parsing%20Out-Of-Bounds%20Write%20Vulnerability.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Download and update to DIAScreen v1.6.1 or later\u003cbr\u003e"
                }
              ],
              "value": "Download and update to DIAScreen v1.6.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-59298",
        "datePublished": "2025-10-03T02:22:49.151Z",
        "dateReserved": "2025-09-12T01:31:46.228Z",
        "dateUpdated": "2025-10-07T01:03:48.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59297 (GCVE-0-2025-59297)

    Vulnerability from nvd – Published: 2025-10-03 02:21 – Updated: 2025-10-07 01:03
    VLAI
    Title
    File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen
    Summary
    Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DIAScreen Affected: 0 , < 1.6.1 (custom)
    Create a notification for this product.
    Date Public
    2025-10-03 01:55
    Credits
    Natnael Samson working with Trend Micro Zero Day Initiative CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-03T15:50:32.449514Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-03T15:50:47.255Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "DIAScreen",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "1.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Natnael Samson working with Trend Micro Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            }
          ],
          "datePublic": "2025-10-03T01:55:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DIAScreen\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
                }
              ],
              "value": "Delta Electronics DIAScreen\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-Of-Bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-07T01:03:20.129Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00018_DIAScreen%20File%20Parsing%20Out-Of-Bounds%20Write%20Vulnerability.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Download and update to DIAScreen v1.6.1 or later\u003cbr\u003e"
                }
              ],
              "value": "Download and update to DIAScreen v1.6.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-59297",
        "datePublished": "2025-10-03T02:21:47.522Z",
        "dateReserved": "2025-09-12T01:31:46.228Z",
        "dateUpdated": "2025-10-07T01:03:20.129Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-9642 (GCVE-0-2026-9642)

    Vulnerability from cvelistv5 – Published: 2026-05-26 19:36 – Updated: 2026-06-03 14:52
    VLAI

    This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-06-03T14:52:28.257Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
                }
              ],
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-9642",
        "datePublished": "2026-05-26T19:36:56.398Z",
        "dateRejected": "2026-06-03T14:52:28.257Z",
        "dateReserved": "2026-05-26T18:53:00.748Z",
        "dateUpdated": "2026-06-03T14:52:28.257Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1361 (GCVE-0-2026-1361)

    Vulnerability from cvelistv5 – Published: 2026-01-27 03:11 – Updated: 2026-01-27 14:20
    VLAI
    Title
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    Summary
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics ASDA-Soft Affected: 0 , ≤ 7.2.0.0 (custom)
    Create a notification for this product.
    Date Public
    2026-01-27 02:25
    Credits
    CISA Zero Day Initiative (ZDI)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1361",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T14:19:01.437868Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T14:20:21.194Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "ASDA-Soft",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zero Day Initiative (ZDI)"
            }
          ],
          "datePublic": "2026-01-27T02:25:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
                }
              ],
              "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-27T03:11:57.514Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00003_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2026-1361).pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Download and update to: ASDA-Soft v7.2.2.0 or later (Delta Download Center)\u003cbr\u003e"
                }
              ],
              "value": "Download and update to: ASDA-Soft v7.2.2.0 or later (Delta Download Center)"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ASDA-Soft Stack-based Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2026-1361",
        "datePublished": "2026-01-27T03:11:57.514Z",
        "dateReserved": "2026-01-23T00:59:14.367Z",
        "dateUpdated": "2026-01-27T14:20:21.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0975 (GCVE-0-2026-0975)

    Vulnerability from cvelistv5 – Published: 2026-01-16 06:01 – Updated: 2026-01-16 14:00
    VLAI
    Title
    DIAView - Command Injection Vulnerability
    Summary
    Delta Electronics DIAView has Command Injection vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DIAView Affected: 0 , ≤ 4.2.0 (custom)
    Create a notification for this product.
    Date Public
    2026-01-15 02:22
    Credits
    CISA ZDI
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T14:00:42.754921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T14:00:54.208Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "DIAView",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "4.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "ZDI"
            }
          ],
          "datePublic": "2026-01-15T02:22:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DIAView has Command Injection vulnerability."
                }
              ],
              "value": "Delta Electronics DIAView has Command Injection vulnerability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-19",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-19 Embedding Scripts within Scripts"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-16T06:01:59.903Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00002_DIAView%20-Exposed%20Dangerous%20Method%20Remote%20Code%20Execution%20(CVE-2026-0975).pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please download and upgrade DIAView to v4.4 or later."
                }
              ],
              "value": "Please download and upgrade DIAView to v4.4 or later."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DIAView - Command Injection Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2026-0975",
        "datePublished": "2026-01-16T06:01:59.903Z",
        "dateReserved": "2026-01-15T02:06:19.402Z",
        "dateUpdated": "2026-01-16T14:00:54.208Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62581 (GCVE-0-2025-62581)

    Vulnerability from cvelistv5 – Published: 2026-01-16 02:20 – Updated: 2026-06-04 08:28
    VLAI
    Title
    DIAView - Authentication Bypass Vulnerability
    Summary
    Delta Electronics DIAView has multiple vulnerabilities.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DIAView Affected: 0 , ≤ 4.3.1 (custom)
    Create a notification for this product.
    Date Public
    2026-01-15 02:22
    Credits
    Tenable
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62581",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T14:49:07.304617Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T14:49:48.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "DIAView",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Tenable"
            }
          ],
          "datePublic": "2026-01-15T02:22:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DIAView has multiple vulnerabilities."
                }
              ],
              "value": "Delta Electronics DIAView has multiple vulnerabilities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-196",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-196: Session Credential Falsification through Forging"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T08:28:41.892Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00001_DIAView%20Use%20of%20Hard-coded%20Cryptographic%20Key%20(CVE-2025-62581)_v1.1.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please download and upgrade DIAView to v4.4 or later."
                }
              ],
              "value": "Please download and upgrade DIAView to v4.4 or later."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DIAView - Authentication Bypass Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-62581",
        "datePublished": "2026-01-16T02:20:04.063Z",
        "dateReserved": "2025-10-16T01:07:48.959Z",
        "dateUpdated": "2026-06-04T08:28:41.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62582 (GCVE-0-2025-62582)

    Vulnerability from cvelistv5 – Published: 2026-01-16 02:03 – Updated: 2026-06-04 14:58
    VLAI
    Title
    DIAView - Authentication Bypass Vulnerability
    Summary
    Delta Electronics DIAView has multiple vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DIAView Affected: 0 (custom)
    Create a notification for this product.
    Date Public
    2026-05-29 02:05
    Credits
    Tenable
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62582",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T14:58:50.380214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T14:58:57.163Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "DIAView",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:delta_electronics:diaview:0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Tenable"
            }
          ],
          "datePublic": "2026-05-29T02:05:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DIAView has multiple vulnerabilities."
                }
              ],
              "value": "Delta Electronics DIAView has multiple vulnerabilities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL - v4.3.1 and prior"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL - v4.4.0 and later (Architectural Hardening)"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T08:26:58.695Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00008_DIAView%20Missing%20Authentication%20for%20Critical%20Function%20(CVE-2025-62582)_v1.1.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please\ndownload and upgrade DIAView to v4.4 or later.\u003cbr\u003e\nIn addition, to prevent a potential verification bypass on the database under\nsophisticated technical analysis, users are strongly advised to enforce\nfirewall isolation to\ncompletely restrict unauthorized remote access to the database."
                }
              ],
              "value": "Please\ndownload and upgrade DIAView to v4.4 or later.\n\nIn addition, to prevent a potential verification bypass on the database under\nsophisticated technical analysis, users are strongly advised to enforce\nfirewall isolation to\ncompletely restrict unauthorized remote access to the database."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DIAView - Authentication Bypass Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-62582",
        "datePublished": "2026-01-16T02:03:22.030Z",
        "dateReserved": "2025-10-16T01:07:48.959Z",
        "dateUpdated": "2026-06-04T14:58:57.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15359 (GCVE-0-2025-15359)

    Vulnerability from cvelistv5 – Published: 2025-12-30 09:07 – Updated: 2025-12-30 15:56
    VLAI
    Title
    DVP-12SE11T - Out-of-bound memory write Vulnerability
    Summary
    DVP-12SE11T - Out-of-bound memory write Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP-12SE11T Affected: 0 , < 2.16 (custom)
    Create a notification for this product.
    Date Public
    2025-12-30 08:30
    Credits
    Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15359",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T13:46:50.702093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T15:56:55.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP-12SE11T",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "2.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"
            }
          ],
          "datePublic": "2025-12-30T08:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DVP-12SE11T - Out-of-bound memory write Vulnerability\u003cbr\u003e"
                }
              ],
              "value": "DVP-12SE11T - Out-of-bound memory write Vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T09:07:49.210Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade firmware to v2.16 or later"
                }
              ],
              "value": "Upgrade firmware to v2.16 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DVP-12SE11T - Out-of-bound memory write Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-15359",
        "datePublished": "2025-12-30T09:07:04.319Z",
        "dateReserved": "2025-12-30T07:32:14.455Z",
        "dateUpdated": "2025-12-30T15:56:55.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15358 (GCVE-0-2025-15358)

    Vulnerability from cvelistv5 – Published: 2025-12-30 09:04 – Updated: 2025-12-30 15:57
    VLAI
    Title
    DVP-12SE11T - Denial of Service Vulnerability
    Summary
    DVP-12SE11T - Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP-12SE11T Affected: 0 , < 2.16 (custom)
    Create a notification for this product.
    Date Public
    2025-12-30 08:30
    Credits
    Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T13:47:02.875652Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T15:57:00.870Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP-12SE11T",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "2.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"
            }
          ],
          "datePublic": "2025-12-30T08:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DVP-12SE11T - Denial of Service Vulnerability\u003cbr\u003e"
                }
              ],
              "value": "DVP-12SE11T - Denial of Service Vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T09:04:41.325Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade firmware to v2.16 or later"
                }
              ],
              "value": "Upgrade firmware to v2.16 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DVP-12SE11T - Denial of Service Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-15358",
        "datePublished": "2025-12-30T09:04:41.325Z",
        "dateReserved": "2025-12-30T07:32:10.511Z",
        "dateUpdated": "2025-12-30T15:57:00.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15103 (GCVE-0-2025-15103)

    Vulnerability from cvelistv5 – Published: 2025-12-30 08:55 – Updated: 2025-12-30 15:57
    VLAI
    Title
    DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
    Summary
    DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP-12SE11T Affected: 0 , < 2.16 (custom)
    Create a notification for this product.
    Date Public
    2025-12-30 08:30
    Credits
    Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15103",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T13:47:11.557973Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T15:57:07.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP-12SE11T",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "2.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"
            }
          ],
          "datePublic": "2025-12-30T08:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure\u003cbr\u003e"
                }
              ],
              "value": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T08:55:49.441Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade firmware to v2.16 or later"
                }
              ],
              "value": "Upgrade firmware to v2.16 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-15103",
        "datePublished": "2025-12-30T08:55:49.441Z",
        "dateReserved": "2025-12-26T03:25:51.691Z",
        "dateUpdated": "2025-12-30T15:57:07.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15102 (GCVE-0-2025-15102)

    Vulnerability from cvelistv5 – Published: 2025-12-30 08:48 – Updated: 2025-12-30 15:57
    VLAI
    Title
    DVP-12SE11T - Password Protection Bypass
    Summary
    DVP-12SE11T - Password Protection Bypass
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP-12SE11T Affected: 0 , < 2.16 (custom)
    Create a notification for this product.
    Date Public
    2025-12-30 08:30
    Credits
    Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15102",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T13:47:30.681140Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T15:57:12.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP-12SE11T",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "2.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"
            }
          ],
          "datePublic": "2025-12-30T08:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DVP-12SE11T - Password Protection Bypass\u003cbr\u003e"
                }
              ],
              "value": "DVP-12SE11T - Password Protection Bypass"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T08:48:31.567Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\u003cbr\u003eWe recommend that users take the following security precautions:\u003cbr\u003e\u0026gt; Utilize the Product\u0027s IP Whitelisting Feature: Employ the device\u0027s built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\u003cbr\u003e\u0026gt; Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\u003cbr\u003e\u0026gt; Utilize industrial firewalls to monitor Modbus/TCP traffic\u003cbr\u003e"
                }
              ],
              "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\nWe recommend that users take the following security precautions:\n\u003e Utilize the Product\u0027s IP Whitelisting Feature: Employ the device\u0027s built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\n\u003e Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\n\u003e Utilize industrial firewalls to monitor Modbus/TCP traffic"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DVP-12SE11T - Password Protection Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-15102",
        "datePublished": "2025-12-30T08:48:31.567Z",
        "dateReserved": "2025-12-26T03:25:49.157Z",
        "dateUpdated": "2025-12-30T15:57:12.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62578 (GCVE-0-2025-62578)

    Vulnerability from cvelistv5 – Published: 2025-12-26 06:05 – Updated: 2025-12-29 00:57
    VLAI
    Title
    DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information
    Summary
    DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP-12SE Affected: 0 , ≤ * (custom)
    Create a notification for this product.
    Date Public
    2025-12-26 05:30
    Credits
    Praneeta Krishnaprasad Maganti of BITS Pilani, Hyderabad Campus Rajib Ranjan Maiti of BITS Pilani, Hyderabad Campus
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62578",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-26T15:53:11.879652Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-26T15:53:17.972Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP-12SE",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Praneeta Krishnaprasad Maganti of BITS Pilani, Hyderabad Campus"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Rajib Ranjan Maiti of BITS Pilani, Hyderabad Campus"
            }
          ],
          "datePublic": "2025-12-26T05:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information\u003cbr\u003e"
                }
              ],
              "value": "DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-157",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-157 Sniffing Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T00:57:42.778Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00021_DVP-12SE%20ModbusTCP%20Cleartext%20Transmission%20of%20Sensitive%20Info.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\u003cbr\u003eWe recommend that users take the following security precautions:\u003cbr\u003e\u0026gt; Utilize the Product\u0027s IP Whitelisting Feature: Employ the device\u0027s built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\u003cbr\u003e\u0026gt; Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\u003cbr\u003e\u0026gt; Utilize industrial firewalls to monitor Modbus/TCP traffic\u003cbr\u003e"
                }
              ],
              "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\nWe recommend that users take the following security precautions:\n\u003e Utilize the Product\u0027s IP Whitelisting Feature: Employ the device\u0027s built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\n\u003e Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\n\u003e Utilize industrial firewalls to monitor Modbus/TCP traffic"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-62578",
        "datePublished": "2025-12-26T06:05:01.035Z",
        "dateReserved": "2025-10-16T01:07:48.958Z",
        "dateUpdated": "2025-12-29T00:57:42.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59301 (GCVE-0-2025-59301)

    Vulnerability from cvelistv5 – Published: 2025-12-22 02:56 – Updated: 2025-12-22 15:08
    VLAI
    Title
    Modbus/TCP Dos Vulnerability in DVP15MC11T
    Summary
    Delta Electronics DVP15MC11T lacks proper validation of the modbus/tcp packets and can lead to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics DVP15MC11T Affected: 0 , < 1.16.0 (custom)
    Create a notification for this product.
    Date Public
    2025-12-22 01:55
    Credits
    CNVD
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59301",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-22T15:08:28.777409Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-22T15:08:55.949Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DVP15MC11T",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CNVD"
            }
          ],
          "datePublic": "2025-12-22T01:55:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Delta Electronics DVP15MC11T\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the modbus/tcp packets and can lead to denial of service.\u003c/span\u003e"
                }
              ],
              "value": "Delta Electronics DVP15MC11T\u00a0lacks proper validation of the modbus/tcp packets and can lead to denial of service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-22T02:56:42.733Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00020_DVP15MC11T%20Modbus%20TCP%20DoS%20Vulnerability.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade firmware to v1.16.0 or later\u003cbr\u003e"
                }
              ],
              "value": "Upgrade firmware to v1.16.0 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Modbus/TCP Dos Vulnerability in DVP15MC11T",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-59301",
        "datePublished": "2025-12-22T02:56:42.733Z",
        "dateReserved": "2025-09-12T01:31:46.229Z",
        "dateUpdated": "2025-12-22T15:08:55.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62580 (GCVE-0-2025-62580)

    Vulnerability from cvelistv5 – Published: 2025-10-16 01:33 – Updated: 2025-10-21 08:41
    VLAI
    Title
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    Summary
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics ASDA-Soft Affected: 0 , ≤ 7.0.2.0 (custom)
    Create a notification for this product.
    Date Public
    2025-10-16 01:25
    Credits
    Guillaume Orlando working with Trend Micro Zero Day Initiative CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62580",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T14:37:51.915792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T14:37:59.205Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "ASDA-Soft",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Guillaume Orlando working with Trend Micro Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            }
          ],
          "datePublic": "2025-10-16T01:25:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
                }
              ],
              "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-21T08:41:46.790Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00019_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Download and update to: v7.1.1.0 or later\u003cbr\u003e"
                }
              ],
              "value": "Download and update to: v7.1.1.0 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ASDA-Soft Stack-based Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-62580",
        "datePublished": "2025-10-16T01:33:35.691Z",
        "dateReserved": "2025-10-16T01:07:48.959Z",
        "dateUpdated": "2025-10-21T08:41:46.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-62579 (GCVE-0-2025-62579)

    Vulnerability from cvelistv5 – Published: 2025-10-16 01:31 – Updated: 2025-10-21 08:41
    VLAI
    Title
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    Summary
    ASDA-Soft Stack-based Buffer Overflow Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Delta Electronics ASDA-Soft Affected: 0 , ≤ 7.0.2.0 (custom)
    Create a notification for this product.
    Date Public
    2025-10-16 01:25
    Credits
    Guillaume Orlando working with Trend Micro Zero Day Initiative CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T14:38:07.849545Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T14:38:15.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "ASDA-Soft",
              "vendor": "Delta Electronics",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Guillaume Orlando working with Trend Micro Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "CISA"
            }
          ],
          "datePublic": "2025-10-16T01:25:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
                }
              ],
              "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-21T08:41:23.980Z",
            "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
            "shortName": "Deltaww"
          },
          "references": [
            {
              "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00019_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerabilities.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Download and update to: v7.1.1.0 or later\u003cbr\u003e"
                }
              ],
              "value": "Download and update to: v7.1.1.0 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ASDA-Soft Stack-based Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "assignerShortName": "Deltaww",
        "cveId": "CVE-2025-62579",
        "datePublished": "2025-10-16T01:31:38.135Z",
        "dateReserved": "2025-10-16T01:07:48.959Z",
        "dateUpdated": "2025-10-21T08:41:23.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }