Description
Delta Electronics DIAView has Command Injection vulnerability.
Published: 2026-01-16
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via Command Injection
Action: Immediate Patch
AI Analysis

Impact

Delta Electronics DIAView is affected by a command injection flaw that permits an attacker to execute arbitrary system commands. The vulnerability falls under CWE-77 and can compromise the confidentiality, integrity, and availability of the system, allowing for full control of the affected service.

Affected Systems

The vulnerability impacts all Delta Electronics DIAView deployments that use versions preceding v4.4; versions 4.4 or later include the necessary patch. No specific sub‑versions are listed, so any instance of DIAView prior to the upgrade is potentially exploitable.

Risk and Exploitability

The CVSS score of 7.8 marks this flaw as high severity, yet the EPSS score of less than 1% indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no known active exploitation. The likely attack vector is remote, requiring the attacker to transmit malicious input to the exposed dangerous method; authentication requirements are not specified but are presumed unnecessary as the flaw is exposed via a public endpoint.

Generated by OpenCVE AI on April 18, 2026 at 05:49 UTC.

Remediation

Vendor Solution

Please download and upgrade DIAView to v4.4 or later.

OpenCVE Recommended Actions

  • Apply Delta Electronics DIAView version 4.4 or later, which removes the vulnerable method.
  • If the configuration allows, disable or remove the exposed dangerous method so it cannot be reached by external parties.
  • Configure logging and monitoring to detect and alert on attempts to invoke the removed or disabled method.

Generated by OpenCVE AI on April 18, 2026 at 05:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 20 Jan 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Deltaww
Deltaww diaview
CPEs cpe:2.3:a:deltaww:diaview:*:*:*:*:*:*:*:*
Vendors & Products Deltaww
Deltaww diaview

Fri, 16 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Delta Electronics
Delta Electronics diaview
Vendors & Products Delta Electronics
Delta Electronics diaview
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 06:15:00 +0000

Type Values Removed Values Added
Description Delta Electronics DIAView has Command Injection vulnerability.
Title DIAView - Command Injection Vulnerability
Weaknesses CWE-77
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Delta Electronics Diaview
Deltaww Diaview
cve-icon MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-01-16T14:00:54.208Z

Reserved: 2026-01-15T02:06:19.402Z

Link: CVE-2026-0975

cve-icon Vulnrichment

Updated: 2026-01-16T14:00:50.590Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-16T06:15:51.187

Modified: 2026-01-20T19:20:21.723

Link: CVE-2026-0975

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T06:00:08Z

Weaknesses