Deltaww
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Deltaww product.
RSS Feeds for Deltaww security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Deltaww products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Deltaww Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 3 vulnerabilities in Deltaww with an average score of 8.4 out of ten. Last year, in 2025 Deltaww had 12 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Deltaww in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.12
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 8.37 |
| 2025 | 12 | 8.48 |
| 2024 | 43 | 8.30 |
| 2023 | 37 | 8.34 |
| 2022 | 71 | 8.58 |
| 2021 | 37 | 7.37 |
| 2020 | 11 | 7.10 |
| 2019 | 14 | 6.81 |
| 2018 | 15 | 8.20 |
It may take a day or so for new Deltaww vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Deltaww Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-3631 | Mar 09, 2026 |
Delta Electronics COMMGR2 Buffer Over-read DoSDelta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. |
Commgr2
|
| CVE-2026-3630 | Mar 09, 2026 |
Delta Electronics COMMGR2 BOFDelta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. |
Commgr2
|
| CVE-2026-3094 | Mar 04, 2026 |
CNCSoftG2 Lacks Input Validation RCE via Malicious FileDelta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2025-47724 | Jun 04, 2025 |
Delta Electronics CNCSoft: Code Exec via Unvalidated User FileDelta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft
|
| CVE-2025-47725 | Jun 04, 2025 |
CNCSoft Improper File Validation Enables Code ExecutionDelta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft
|
| CVE-2025-47726 | Jun 04, 2025 |
CNCSoft PoC: File Validation Bypass Enables Code Execution (CVE-2025-47726)Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft
|
| CVE-2025-47727 | Jun 04, 2025 |
Delta CNCSoft RCE via Improper File ValidationDelta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft
|
| CVE-2025-47728 | Jun 04, 2025 |
CNCSoft-G2 Code Execution via Unvalidated FileDelta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2025-4124 | Apr 30, 2025 |
Delta ISPSoft 3.20 OOB Write in ISP File Parser BugDelta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. |
Ispsoft
|
| CVE-2025-4125 | Apr 30, 2025 |
Delta Electronics ISPSoft 3.20 OOB Write – Arbitrary Code ExecDelta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. |
Ispsoft
|
| CVE-2025-22882 | Apr 30, 2025 |
Delta ISPSoft v3.20 Stack Buffer Overflow via CBDGL fileDelta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file. |
Ispsoft
|
| CVE-2025-22883 | Apr 30, 2025 |
Delta Electronics ISPSoft 3.20 OOB-Write Enables Remote Code Exec via DVPDelta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. |
Ispsoft
|
| CVE-2025-22884 | Apr 30, 2025 |
Stack Overflow in Delta Electronics ISPSoft 3.20 DVP Parser ExploitableDelta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. |
Ispsoft
|
| CVE-2025-22881 | Feb 26, 2025 |
CNCSoftG2 Heap Buffer Overflow Enables Code ExecutionDelta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2025-22880 | Feb 07, 2025 |
Delta Electronics CNCSoft-G2 Buffer Overflow via Input Length ValidationDelta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2024-12834 | Dec 30, 2024 |
Delta Electronics DRASimuCAD STP Type Confusion RCEDelta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22414. |
Drasimucad
|
| CVE-2024-12835 | Dec 30, 2024 |
Delta Electronics DRASimuCAD: OOB Write in .ICS Parser Enables RCEDelta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22415. |
Drasimucad
|
| CVE-2024-12836 | Dec 30, 2024 |
Delta Electronics DRASimuCAD STP Parser Type-Confusion RCEDelta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22450. |
Drasimucad
|
| CVE-2024-39354 | Nov 11, 2024 |
Delta Electronics DIAScreen CEtherIPTagItem Stack-Based Buffer Overflow Remote Code Execution VulnerIf an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code. |
Diascreen
|
| CVE-2024-39605 | Nov 11, 2024 |
Delta Electronics DIAScreen BACnetParameter Stack-Based Buffer Overflow Remote Code Execution VulnerIf an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code. |
Diascreen
|
| CVE-2024-47131 | Nov 11, 2024 |
Delta Electronics DIAScreen BACnetObjectInfo Stack-Based Buffer Overflow Remote Code Execution VulneIf an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code. |
Diascreen
|
| CVE-2024-47962 | Oct 10, 2024 |
Delta Electronics CNCSoftG2 Buffer Overflow from Invalid Length ValidationDelta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2024-47963 | Oct 10, 2024 |
Delta Electronics CNCSoft-G2 input validation flaw causes buffer overflowDelta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2024-47964 | Oct 10, 2024 |
CNCSoft-G2 Heap Buffer Overflow via Unvalidated Data Length (CVE-2024-47964)Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2024-47965 | Oct 10, 2024 |
CNCSoft-G2 Buffer Read OOB -> Remote Code ExecutionDelta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2024-47966 | Oct 10, 2024 |
CNCSoft G2 Uninitialized Memory Execution (Delta Electronics)Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2024-42417 | Oct 03, 2024 |
Delta DIAEnergie Auth-Injected SQLi in Handler_CFG.ashxDelta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. |
Diaenergie
|
| CVE-2024-43699 | Oct 03, 2024 |
Delta Electronics DIAEnergie SQLi via AM_RegReport.aspxDelta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. |
Diaenergie
|
| CVE-2024-8255 | Aug 29, 2024 |
DTN Soft 2.0.1- prior: RCE via Deserialization of Untrusted DataDelta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. |
Dtn Soft
|
| CVE-2024-7502 | Aug 06, 2024 |
Delta Electronics DIAScreen Stack Buffer Overflow via Malicious DPAA crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. |
Diascreen
|
| CVE-2024-39883 | Jul 09, 2024 |
CVE-2024-39883: Delta Electronics CNCSoft-G2 Heap Buffer Overflow RCEDelta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2024-39882 | Jul 09, 2024 |
CNCSoft-G2 Buffer OOB Read Vulnerability Enables Code ExecDelta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2024-39881 | Jul 09, 2024 |
CVE-2024-39881 Delta Electronics CNCSoft-G2 memory corruption via inputDelta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2024-39880 | Jul 09, 2024 |
Stack Buffer Overflow (CWE-680) in Delta CNCSoft-G2 via Length MismatchDelta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2024-4547 | May 06, 2024 |
Delta Electronics DIAEnergie SQLi via CEBC.exe (before v1.10.1.8610)A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field |
Diaenergie
|
| CVE-2024-4548 | May 06, 2024 |
Delta DIAEnergie v1.10.1.8610 SQLi in CEBC.exe via RecalculateHDMWYCAn SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. |
Diaenergie
|
| CVE-2024-4549 | May 06, 2024 |
DoS in Delta DIAEnergie v1.10.1.8610 via CEBC.exeA denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system. |
Diaenergie
|
| CVE-2024-34031 | May 03, 2024 |
Delta Electronics DIAEnergie SQLi in Handler_CFG.ashxDelta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. |
Diaenergie
|
| CVE-2024-34032 | May 03, 2024 |
Delta Electronics DIAEnergie SQL Injection via GetDIACloudListDelta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. |
Diaenergie
|
| CVE-2024-34033 | May 03, 2024 |
Delta Electronics DIAEnergie Path Traversal OverwriteDelta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten. |
Diaenergie
|
| CVE-2024-4192 | Apr 30, 2024 |
Delta Electronics CNCSoft-G2 Stack Buffer Overrun Arbitrary Code ExecDelta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. |
Cncsoft G2
|
| CVE-2024-25574 | Apr 01, 2024 |
SQLi in GetDIAE_usListParameters (CVE202425574)SQL injection vulnerability exists in GetDIAE_usListParameters. |
Diaenergie
|
| CVE-2024-28029 | Mar 21, 2024 |
Authorization Bypass via Incomplete Server-side Privilege VerificationPrivileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. |
Diaenergie
|
| CVE-2024-25937 | Mar 21, 2024 |
SQL Injection in DIAE_tagHandler.ashxSQL injection vulnerability exists in the script DIAE_tagHandler.ashx. |
Diaenergie
|
| CVE-2024-1941 | Mar 01, 2024 |
Stack-based Buffer Overflow in Delta Electronics CNCSoft-B <1.0.0.4 allows RCEDelta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. |
Cncsoft B
|
| CVE-2024-1595 | Feb 29, 2024 |
Delta CNCSoft-B DLL Hijacking via lib load pre v4.0.0.82Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. |
Cncsoft B
Dopsoft
|
| CVE-2023-43819 | Jan 18, 2024 |
Delta Electronics DOPSoft DPS File InitialMacroLen Buffer Overflow ExploitedA stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. |
Dopsoft
|
| CVE-2023-43822 | Jan 18, 2024 |
Buffer Overflow in Delta DOPSoft via wLogTitlesTimeLen FieldA stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. |
Dopsoft
|
| CVE-2023-43818 | Jan 18, 2024 |
Delta DOPSoft RCE via DPS File Buffer OverflowA buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. |
Dopsoft
|
| CVE-2023-43817 | Jan 18, 2024 |
Buffer Overflow in Delta DOPSoft v2 DPS File ParsingA buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution. |
Dopsoft
|