Delta Electronics DIAScreen Vulnerabilities Allow Out-of-Bounds Write Exploits
CISA released an advisory detailing two out-of-bounds write vulnerabilities in Delta Electronics DIAScreen, a product used in industrial control systems. The affected product versions include DIAScreen version 1.6.0 and prior. These vulnerabilities, identified as CVE-2025-59297 and CVE-2025-59298, can be exploited when a valid user opens a maliciously crafted project file, allowing an attacker to write data outside the allocated memory buffer. Both vulnerabilities are rated with a CVSS v3.1 base score of 6.6 and a CVSS v4 base score of 6.8, indicating a medium severity level. The attack complexity is considered low, and exploitation does not require privileges, but user interaction is necessary. Successful exploitation could result in loss of confidentiality, integrity, and availability, with a particular risk of denial-of-service or potential code execution. CISA's advisory provides technical details about the vulnerabilities and recommends mitigations to reduce risk. Administrators and users are encouraged to review the advisory and apply the recommended security measures. The vulnerabilities highlight the ongoing risks associated with file parsing in industrial control system software. Delta Electronics is a major vendor in the ICS sector, and vulnerabilities in its products can have significant operational impacts. The advisories were released on October 7, 2025, as part of CISA's ongoing efforts to inform the ICS community about emerging threats. The technical details specify that the vulnerabilities are triggered by opening malicious project files, emphasizing the importance of user awareness and safe file handling practices. The advisory does not mention active exploitation in the wild at the time of publication. CISA's notification is part of a broader set of ICS advisories released on the same date, but the DIAScreen vulnerabilities are specifically addressed in their own advisory. The disclosure underscores the need for timely patching and adherence to vendor guidance in industrial environments. Organizations using DIAScreen should assess their exposure and implement mitigations as soon as possible. The vulnerabilities are tracked under the Common Weakness Enumeration (CWE) identifier CWE-787, which relates to out-of-bounds write issues. The advisory also provides links to further technical resources and encourages feedback from the ICS community.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
CISA issues four additional ICS advisories for Hitachi, Rockwell, and Mitsubishi products
On 2025-10-09, CISA released four more Industrial Control Systems advisories addressing vulnerabilities in Hitachi Energy Asset Suite, Rockwell Automation Lifecycle Services with Cisco, Rockwell Automation Stratix, and multiple Mitsubishi Electric FA products, and urged administrators to review mitigations.
CISA releases advisories for Delta Electronics and Rockwell Automation ICS products
On 2025-10-07, CISA published two new Industrial Control Systems advisories covering vulnerabilities in Delta Electronics DIAScreen and Rockwell Automation 1756-EN4TR and 1756-EN4TRXT devices, with technical details and mitigation guidance for defenders.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
CISA Releases Four Industrial Control Systems Advisories
cisa.gov
Open sourceCISA Releases Two Industrial Control Systems Advisories
cisa.gov
Open sourceDelta Electronics DIAScreen
cisa.gov
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Delta Electronics CNCSoft-G2 DPAX File Parsing Out-of-Bounds Write RCE
**Delta Electronics CNCSoft-G2** contains an out-of-bounds write vulnerability in the *DOPSoft* component’s **DPAX file parsing** that can lead to **remote code execution** in the context of the current process. The issue is tracked as **CVE-2026-3094** (ZDI-CAN-28415 / **ZDI-26-151**) and is rated **CVSS 7.8 (High)** with the vector `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`; exploitation requires **user interaction** (e.g., opening a malicious file or visiting a malicious page that triggers processing of attacker-controlled content). Affected versions are **CNCSoft-G2 prior to V2.1.0.39** (CWE-787), and Delta Electronics has issued an update to remediate the flaw. CISA’s ICS advisory highlights the potential impact to **critical manufacturing** environments and recommends standard OT hardening measures, including minimizing network exposure of control system assets, placing devices behind firewalls and isolating OT from business networks, and using more secure remote access methods (e.g., VPNs) when remote connectivity is required. Separately, CISA also added **Hikvision CVE-2017-7921** and **Rockwell Automation CVE-2021-22681** (both **CVSS 9.8**) to the **Known Exploited Vulnerabilities (KEV)** catalog due to evidence of active exploitation; this KEV action is unrelated to the Delta Electronics CNCSoft-G2 disclosure and represents a different set of exploited product vulnerabilities requiring separate remediation prioritization.
Mar 21, 2026
CISA ICS Advisories for Delta Electronics ASDA-Soft and Honeywell CCTV Vulnerabilities
CISA published ICS advisories detailing vulnerabilities in **Delta Electronics ASDA-Soft** and **Honeywell CCTV products**. Delta Electronics *ASDA-Soft* (versions `<= 7.2.0.0`) contains a **stack-based buffer overflow** (CWE-121) triggered when parsing `.par` files due to improper validation of a user-controlled size parameter, which can enable out-of-bounds writes and corruption of the structured exception handler (**CVE-2026-1361**, CVSS v3.1 **7.8 High**, `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`). Honeywell CCTV devices are affected by **missing authentication for a critical function** (CWE-306) where an unauthenticated API endpoint can allow an attacker to change the “forgot password” recovery email address, enabling **account takeover** and unauthorized access to camera feeds (**CVE-2026-1670**, CVSS v3.1 **9.8 Critical**, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`). A separate report described a different CISA ICS advisory for **Airleader Master** involving an **unrestricted file upload** that could allow unauthenticated **remote code execution** (**CVE-2026-1358**, CVSS **9.8**), affecting versions up to `6.381`; it noted no known public exploits at the time and recommended exposure reduction measures such as restricting internet access and segmenting ICS networks. This Airleader issue is not part of the same disclosure as the Delta Electronics and Honeywell advisories, which cover distinct products and CVEs released under different advisory identifiers.
Mar 21, 2026
Multiple Critical Vulnerabilities Disclosed in Industrial Control Systems by CISA
CISA released thirteen advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from major vendors including Rockwell Automation, Siemens, Hitachi Energy, Schneider Electric, and Delta Electronics. The advisories highlight severe security flaws such as missing authentication for critical functions, improper authorization, buffer overflows, SQL injection, and improper certificate validation. For Siemens TeleControl Server Basic, a vulnerability (CVE-2025-40765) allows unauthenticated remote attackers to obtain password hashes and perform authenticated operations on the database service, with a CVSS v3.1 score of 9.8, indicating critical risk. Rockwell Automation's FactoryTalk View Machine Edition and PanelView Plus 7 are susceptible to path traversal and improper authorization, potentially granting attackers unauthorized access to device file systems and sensitive diagnostic information. FactoryTalk ViewPoint is vulnerable to XML external entity injection, which could result in denial-of-service conditions. Siemens SiPass Integrated faces multiple issues, including buffer overflows and cross-site scripting, which could enable arbitrary code execution and unauthorized access. The Siemens SIMATIC ET 200SP Communication Processors have a missing authentication flaw that could allow attackers to access configuration data remotely. Siemens SINEC NMS is affected by a SQL injection vulnerability that could let low-privileged users escalate privileges. Siemens Solid Edge products are exposed to out-of-bounds read and write vulnerabilities, risking application crashes or code execution. Siemens HyperLynx and Industrial Edge App Publisher are vulnerable to type confusion, potentially leading to arbitrary code execution via crafted HTML pages. Hitachi Energy MACH GWS products have incorrect default permissions and improper validation issues, which could allow attackers to tamper with system files, cause denial of service, or perform man-in-the-middle attacks. The advisories provide technical details, affected product versions, and recommended mitigations, urging administrators to review and apply patches or workarounds. The vulnerabilities impact critical infrastructure sectors such as manufacturing, energy, water, and transportation, with products deployed worldwide. Many of the flaws are remotely exploitable with low attack complexity, increasing the urgency for remediation. CISA emphasizes the importance of timely action to prevent exploitation, as several vulnerabilities could lead to unauthorized access, data manipulation, or disruption of essential services. The advisories also reference the need to consult vendor-specific security updates for the most current information. Organizations are advised to assess their exposure, prioritize patching, and implement recommended security controls to mitigate these risks. The coordinated disclosure underscores the ongoing threat to ICS environments and the necessity for robust security practices across operational technology networks.
Mar 21, 2026