Delta Electronics DIAView has multiple vulnerabilities.
According to the CWE-306 classification, the vulnerability consists of the lack of authentication requirement for critical functions in the DIAView application. The attack vector is network-based (AV:N), requires no privileges (PR:N) or user interaction (UI:N), and the attack complexity is low (AC:L). This means that a remote, unauthorized attacker can directly invoke sensitive system functions without needing to possess any credentials.
Successful exploitation of the vulnerability allows an attacker to completely compromise the confidentiality, integrity, and availability of the system (C:H/I:H/A:H), which may result in takeover of control over the DIAView application and the data processed by it.
Patches available from the manufacturer should be applied in accordance with the references — the Delta-PCSA-2026-00001 document available in the Delta Electronics file center (filecenter.deltaww.com) contains detailed information about patches for CVE-2025-62581 and CVE-2025-62582
Delta Electronics DIAView — versions indicated in the manufacturer's references (Delta-PCSA-2026-00001 document)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDeltaww Diaview
APPDeltaww< 4.4.0
Related vulnerabilities
Delta Electronics DIAView — krytyczne podatności (CVE-2025-62581)
Delta Electronics DIAView has Command Injection vulnerability.
Delta Electronics AS320T — błędna kalkulacja rozmiaru bufora w handlerze GET/PUT
Delta Electronics AS320T — przepełnienie bufora stosu przez nazwę pliku
Delta Electronics AS320T — przepełnienie bufora przez nazwę katalogu (stack-based buffer overflow)