Deltaww
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Deltaww product.
RSS Feeds for Deltaww security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Deltaww products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Deltaww Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 12 vulnerabilities in Deltaww with an average score of 8.5 out of ten. Last year, in 2024 Deltaww had 40 security vulnerabilities published. Right now, Deltaww is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.18.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 12 | 8.48 |
2024 | 40 | 8.30 |
2023 | 37 | 8.34 |
2022 | 71 | 8.58 |
2021 | 37 | 7.37 |
2020 | 11 | 7.12 |
2019 | 14 | 7.59 |
2018 | 15 | 8.53 |
It may take a day or so for new Deltaww vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Deltaww Security Vulnerabilities
Delta Electronics CNCSoft lacks proper validation of the user-supplied file
CVE-2025-47724
7.3 - High
- June 04, 2025
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Delta Electronics CNCSoft lacks proper validation of the user-supplied file
CVE-2025-47725
7.3 - High
- June 04, 2025
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Delta Electronics CNCSoft lacks proper validation of the user-supplied file
CVE-2025-47726
7.3 - High
- June 04, 2025
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Delta Electronics CNCSoft lacks proper validation of the user-supplied file
CVE-2025-47727
7.3 - High
- June 04, 2025
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file
CVE-2025-47728
7.3 - High
- June 04, 2025
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability
CVE-2025-4125
9.8 - Critical
- April 30, 2025
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
Memory Corruption
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability
CVE-2025-4124
9.8 - Critical
- April 30, 2025
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
Memory Corruption
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability
CVE-2025-22882
9.8 - Critical
- April 30, 2025
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.
Memory Corruption
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability
CVE-2025-22883
9.8 - Critical
- April 30, 2025
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
Memory Corruption
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability
CVE-2025-22884
9.8 - Critical
- April 30, 2025
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
Memory Corruption
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer
CVE-2025-22881
7.8 - High
- February 26, 2025
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer
CVE-2025-22880
- February 07, 2025
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Delta Electronics DIAScreen BACnetObjectInfo Stack-Based Buffer Overflow Remote Code Execution Vulne
CVE-2024-47131
7.8 - High
- November 11, 2024
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code.
Memory Corruption
Delta Electronics DIAScreen BACnetParameter Stack-Based Buffer Overflow Remote Code Execution Vulner
CVE-2024-39605
7.8 - High
- November 11, 2024
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.
Memory Corruption
Delta Electronics DIAScreen CEtherIPTagItem Stack-Based Buffer Overflow Remote Code Execution Vulner
CVE-2024-39354
7.8 - High
- November 11, 2024
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.
Memory Corruption
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it
CVE-2024-47966
7.8 - High
- October 10, 2024
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Use of Uninitialized Resource
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer
CVE-2024-47965
7.8 - High
- October 10, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Out-of-bounds Read
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer
CVE-2024-47964
7.8 - High
- October 10, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Memory Corruption
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object
CVE-2024-47963
7.8 - High
- October 10, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Memory Corruption
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer
CVE-2024-47962
7.8 - High
- October 10, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Memory Corruption
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx
CVE-2024-43699
9.8 - Critical
- October 03, 2024
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
SQL Injection
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx
CVE-2024-42417
8.8 - High
- October 03, 2024
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.
SQL Injection
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.
CVE-2024-8255
9.8 - Critical
- August 29, 2024
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.
Marshaling, Unmarshaling
A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could
CVE-2024-7502
7.8 - High
- August 06, 2024
A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.
Memory Corruption
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer
CVE-2024-39883
8.8 - High
- July 09, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Memory Corruption
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer
CVE-2024-39882
8.8 - High
- July 09, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Out-of-bounds Read
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition
CVE-2024-39881
8.8 - High
- July 09, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Memory Corruption
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer
CVE-2024-39880
8.8 - High
- July 09, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Memory Corruption
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message
CVE-2024-4548
- May 06, 2024
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
SQL Injection
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message
CVE-2024-4547
- May 06, 2024
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field
SQL Injection
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior
CVE-2024-4549
- May 06, 2024
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
Delta Electronics DIAEnergie has insufficient input validation
CVE-2024-34033
8.8 - High
- May 03, 2024
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
Directory traversal
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint
CVE-2024-34032
8.8 - High
- May 03, 2024
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
SQL Injection
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx
CVE-2024-34031
8.8 - High
- May 03, 2024
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
SQL Injection
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer
CVE-2024-4192
- April 30, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Stack Overflow
SQL injection vulnerability exists in GetDIAE_usListParameters.
CVE-2024-25574
9.8 - Critical
- April 01, 2024
SQL injection vulnerability exists in GetDIAE_usListParameters.
SQL Injection
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
CVE-2024-25937
8.8 - High
- March 21, 2024
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
Privileges are not fully verified server-side
CVE-2024-28029
8.8 - High
- March 21, 2024
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may
CVE-2024-1941
7.8 - High
- March 01, 2024
Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
Stack Overflow
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82
insecurely loads libraries, which may
CVE-2024-1595
7.8 - High
- February 29, 2024
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.
DLL preloading
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file
CVE-2023-43824
7.8 - High
- January 18, 2024
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Classic Buffer Overflow
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTTitleLen field of a DPS file
CVE-2023-43823
7.8 - High
- January 18, 2024
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTTitleLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Classic Buffer Overflow
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file
CVE-2023-43822
7.8 - High
- January 18, 2024
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Classic Buffer Overflow
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesActionLen field of a DPS file
CVE-2023-43821
7.8 - High
- January 18, 2024
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesActionLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Classic Buffer Overflow
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesPrevValueLen field of a DPS file
CVE-2023-43820
7.8 - High
- January 18, 2024
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesPrevValueLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Classic Buffer Overflow
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file
CVE-2023-43819
7.8 - High
- January 18, 2024
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Classic Buffer Overflow
A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft
CVE-2023-43818
7.8 - High
- January 18, 2024
A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Classic Buffer Overflow
A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file
CVE-2023-43817
7.8 - High
- January 18, 2024
A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.
Classic Buffer Overflow
A heap buffer-overflow exists in Delta Electronics ISPSoft
CVE-2023-5131
8.8 - High
- January 18, 2024
A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
Memory Corruption
A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file
CVE-2023-43816
7.8 - High
- January 18, 2024
A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.
Classic Buffer Overflow