Delta Electronics
Products
29- 82 CVEs
- 32 CVEs
- 29 CVEs
- 26 CVEs
- 18 CVEs
- 14 CVEs
- 14 CVEs
- 12 CVEs
- 10 CVEs
- 9 CVEs
- 9 CVEs
- 8 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
287| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10594 | Cri | 0.72 | 9.8 | 0.69 | Jun 26, 2018 | Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network… | ||
| CVE-2026-1951 | Cri | 0.64 | 9.8 | 0.01 | Apr 24, 2026 | Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability. | ||
| CVE-2026-1949 | Cri | 0.64 | 9.8 | 0.01 | Apr 24, 2026 | Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. | ||
| CVE-2025-62582 | Cri | 0.64 | 9.8 | 0.00 | Jan 16, 2026 | Delta Electronics DIAView has multiple vulnerabilities. | ||
| CVE-2025-62581 | Cri | 0.64 | 9.8 | 0.01 | Jan 16, 2026 | Delta Electronics DIAView has multiple vulnerabilities. | ||
| CVE-2025-3495 | Cri | 0.64 | 9.8 | 0.01 | Apr 16, 2025 | Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code. | ||
| CVE-2024-10456 | Cri | 0.64 | 9.8 | 0.18 | Oct 30, 2024 | Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication. | ||
| CVE-2024-3871 | Cri | 0.64 | 9.8 | 0.02 | Apr 16, 2024 | The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote… | ||
| CVE-2018-10623 | Cri | 0.64 | 9.8 | 0.04 | Jun 18, 2018 | Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory… | ||
| CVE-2018-10621 | Cri | 0.64 | 9.8 | 0.04 | Jun 18, 2018 | Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or… | ||
| CVE-2018-10617 | Cri | 0.64 | 9.8 | 0.04 | Jun 18, 2018 | Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or… | ||
| CVE-2018-8871 | Cri | 0.64 | 9.8 | 0.04 | May 25, 2018 | In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. | ||
| CVE-2025-53417 | Cri | 0.61 | — | 0.11 | Aug 5, 2025 | DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability | ||
| CVE-2018-10636 | Hig | 0.58 | 8.8 | 0.10 | Aug 13, 2018 | CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an… | ||
| CVE-2018-7509 | Hig | 0.57 | 8.8 | 0.03 | May 4, 2018 | WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. | ||
| CVE-2018-7507 | Hig | 0.57 | 8.8 | 0.03 | May 4, 2018 | WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. | ||
| CVE-2018-7494 | Hig | 0.57 | 8.8 | 0.03 | May 4, 2018 | WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. | ||
| CVE-2025-53418 | Hig | 0.56 | 8.6 | 0.00 | Aug 26, 2025 | Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability. | ||
| CVE-2025-53419 | Hig | 0.51 | 7.8 | 0.00 | Aug 26, 2025 | Delta Electronics COMMGR has Code Injection vulnerability. | ||
| CVE-2025-53416 | Hig | 0.51 | 7.8 | 0.00 | Jun 30, 2025 | Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution |
- risk 0.72cvss 9.8epss 0.69
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network…
- risk 0.64cvss 9.8epss 0.01
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.
- risk 0.64cvss 9.8epss 0.01
Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.
- risk 0.64cvss 9.8epss 0.00
Delta Electronics DIAView has multiple vulnerabilities.
- risk 0.64cvss 9.8epss 0.01
Delta Electronics DIAView has multiple vulnerabilities.
- risk 0.64cvss 9.8epss 0.01
Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.
- risk 0.64cvss 9.8epss 0.18
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.
- risk 0.64cvss 9.8epss 0.02
The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote…
- risk 0.64cvss 9.8epss 0.04
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory…
- risk 0.64cvss 9.8epss 0.04
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or…
- risk 0.64cvss 9.8epss 0.04
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or…
- risk 0.64cvss 9.8epss 0.04
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
- risk 0.61cvss —epss 0.11
DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability
- risk 0.58cvss 8.8epss 0.10
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an…
- risk 0.57cvss 8.8epss 0.03
WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution.
- risk 0.57cvss 8.8epss 0.03
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
- risk 0.57cvss 8.8epss 0.03
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
- risk 0.56cvss 8.6epss 0.00
Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability.
- risk 0.51cvss 7.8epss 0.00
Delta Electronics COMMGR has Code Injection vulnerability.
- risk 0.51cvss 7.8epss 0.00
Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution