CRITICAL🇵🇱 Wersja polska

CVE-2025-62582

CVSS 9.8v3.1pub. 2026-01-16upd. 2026-06-04

Delta Electronics DIAView has multiple vulnerabilities.

🤖 AI Analysis
How it works

According to the CWE-306 classification, the vulnerability consists of the lack of authentication requirement for critical functions in the DIAView application. The attack vector is network-based (AV:N), requires no privileges (PR:N) or user interaction (UI:N), and the attack complexity is low (AC:L). This means that a remote, unauthorized attacker can directly invoke sensitive system functions without needing to possess any credentials.

Impact

Successful exploitation of the vulnerability allows an attacker to completely compromise the confidentiality, integrity, and availability of the system (C:H/I:H/A:H), which may result in takeover of control over the DIAView application and the data processed by it.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references — the Delta-PCSA-2026-00001 document available in the Delta Electronics file center (filecenter.deltaww.com) contains detailed information about patches for CVE-2025-62581 and CVE-2025-62582

Who is affected

Delta Electronics DIAView — versions indicated in the manufacturer's references (Delta-PCSA-2026-00001 document)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Deltaww Diaview

    APP
    Deltaww
    < 4.4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-62581CRITICAL9.8PL ✓ten sam produkt

Delta Electronics DIAView — krytyczne podatności (CVE-2025-62581)

CVE-2026-0975HIGH7.8ten sam produkt

Delta Electronics DIAView has Command Injection vulnerability.

CVE-2026-1949CRITICAL9.8PL ✓ten sam vendor

Delta Electronics AS320T — błędna kalkulacja rozmiaru bufora w handlerze GET/PUT

CVE-2026-1950CRITICAL9.8PL ✓ten sam vendor

Delta Electronics AS320T — przepełnienie bufora stosu przez nazwę pliku

CVE-2026-1951CRITICAL9.8PL ✓ten sam vendor

Delta Electronics AS320T — przepełnienie bufora przez nazwę katalogu (stack-based buffer overflow)