Deltaww Deltaww

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Deltaww product.

RSS Feeds for Deltaww security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Deltaww products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Deltaww Sorted by Most Security Vulnerabilities since 2018

Deltaww Diaenergie71 vulnerabilities

Deltaww Dopsoft22 vulnerabilities

Deltaww Cncsoft G213 vulnerabilities

Deltaww Cncsoft10 vulnerabilities

Deltaww Diascreen10 vulnerabilities

Deltaww Ispsoft8 vulnerabilities

Deltaww Wplsoft6 vulnerabilities

Deltaww Cncsoft B5 vulnerabilities

Deltaww Screeneditor4 vulnerabilities

Deltaww Dtn Soft1 vulnerability

By the Year

In 2025 there have been 12 vulnerabilities in Deltaww with an average score of 8.5 out of ten. Last year, in 2024 Deltaww had 40 security vulnerabilities published. Right now, Deltaww is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.18.




Year Vulnerabilities Average Score
2025 12 8.48
2024 40 8.30
2023 37 8.34
2022 71 8.58
2021 37 7.37
2020 11 7.12
2019 14 7.59
2018 15 8.53

It may take a day or so for new Deltaww vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Deltaww Security Vulnerabilities

Delta Electronics CNCSoft lacks proper validation of the user-supplied file

CVE-2025-47724 7.3 - High - June 04, 2025

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

Delta Electronics CNCSoft lacks proper validation of the user-supplied file

CVE-2025-47725 7.3 - High - June 04, 2025

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

Delta Electronics CNCSoft lacks proper validation of the user-supplied file

CVE-2025-47726 7.3 - High - June 04, 2025

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

Delta Electronics CNCSoft lacks proper validation of the user-supplied file

CVE-2025-47727 7.3 - High - June 04, 2025

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file

CVE-2025-47728 7.3 - High - June 04, 2025

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability

CVE-2025-4125 9.8 - Critical - April 30, 2025

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.

Memory Corruption

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability

CVE-2025-4124 9.8 - Critical - April 30, 2025

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.

Memory Corruption

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability

CVE-2025-22882 9.8 - Critical - April 30, 2025

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.

Memory Corruption

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability

CVE-2025-22883 9.8 - Critical - April 30, 2025

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

Memory Corruption

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability

CVE-2025-22884 9.8 - Critical - April 30, 2025

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

Memory Corruption

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer

CVE-2025-22881 7.8 - High - February 26, 2025

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer

CVE-2025-22880 - February 07, 2025

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

Delta Electronics DIAScreen BACnetObjectInfo Stack-Based Buffer Overflow Remote Code Execution Vulne

CVE-2024-47131 7.8 - High - November 11, 2024

If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code.

Memory Corruption

Delta Electronics DIAScreen BACnetParameter Stack-Based Buffer Overflow Remote Code Execution Vulner

CVE-2024-39605 7.8 - High - November 11, 2024

If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.

Memory Corruption

Delta Electronics DIAScreen CEtherIPTagItem Stack-Based Buffer Overflow Remote Code Execution Vulner

CVE-2024-39354 7.8 - High - November 11, 2024

If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.

Memory Corruption

Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it

CVE-2024-47966 7.8 - High - October 10, 2024

Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

Use of Uninitialized Resource

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer

CVE-2024-47965 7.8 - High - October 10, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer

CVE-2024-47964 7.8 - High - October 10, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object

CVE-2024-47963 7.8 - High - October 10, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer

CVE-2024-47962 7.8 - High - October 10, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx

CVE-2024-43699 9.8 - Critical - October 03, 2024

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.

SQL Injection

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx

CVE-2024-42417 8.8 - High - October 03, 2024

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.

SQL Injection

Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.

CVE-2024-8255 9.8 - Critical - August 29, 2024

Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.

Marshaling, Unmarshaling

A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could

CVE-2024-7502 7.8 - High - August 06, 2024

A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.

Memory Corruption

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer

CVE-2024-39883 8.8 - High - July 09, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer

CVE-2024-39882 8.8 - High - July 09, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition

CVE-2024-39881 8.8 - High - July 09, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer

CVE-2024-39880 8.8 - High - July 09, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message

CVE-2024-4548 - May 06, 2024

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.

SQL Injection

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message

CVE-2024-4547 - May 06, 2024

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field

SQL Injection

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior

CVE-2024-4549 - May 06, 2024

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.

Delta Electronics DIAEnergie has insufficient input validation

CVE-2024-34033 8.8 - High - May 03, 2024

Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.

Directory traversal

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint

CVE-2024-34032 8.8 - High - May 03, 2024

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.

SQL Injection

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx

CVE-2024-34031 8.8 - High - May 03, 2024

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.

SQL Injection

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer

CVE-2024-4192 - April 30, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Stack Overflow

SQL injection vulnerability exists in GetDIAE_usListParameters.

CVE-2024-25574 9.8 - Critical - April 01, 2024

SQL injection vulnerability exists in GetDIAE_usListParameters.

SQL Injection

SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.

CVE-2024-25937 8.8 - High - March 21, 2024

SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.

Privileges are not fully verified server-side

CVE-2024-28029 8.8 - High - March 21, 2024

Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.

Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may

CVE-2024-1941 7.8 - High - March 01, 2024

Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

Stack Overflow

Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may

CVE-2024-1595 7.8 - High - February 29, 2024

Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.

DLL preloading

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file

CVE-2023-43824 7.8 - High - January 18, 2024

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Classic Buffer Overflow

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTTitleLen field of a DPS file

CVE-2023-43823 7.8 - High - January 18, 2024

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTTitleLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Classic Buffer Overflow

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file

CVE-2023-43822 7.8 - High - January 18, 2024

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Classic Buffer Overflow

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesActionLen field of a DPS file

CVE-2023-43821 7.8 - High - January 18, 2024

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesActionLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Classic Buffer Overflow

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesPrevValueLen field of a DPS file

CVE-2023-43820 7.8 - High - January 18, 2024

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesPrevValueLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Classic Buffer Overflow

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file

CVE-2023-43819 7.8 - High - January 18, 2024

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Classic Buffer Overflow

A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft

CVE-2023-43818 7.8 - High - January 18, 2024

A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Classic Buffer Overflow

A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file

CVE-2023-43817 7.8 - High - January 18, 2024

A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.

Classic Buffer Overflow

A heap buffer-overflow exists in Delta Electronics ISPSoft

CVE-2023-5131 8.8 - High - January 18, 2024

A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.

Memory Corruption

A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file

CVE-2023-43816 7.8 - High - January 18, 2024

A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.

Classic Buffer Overflow

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.