Description
Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability.
Published: 2026-03-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via buffer over-read
Action: Immediate Patch
AI Analysis

Impact

Delta Electronics COMMGR2 suffers from a buffer over-read that can be exploited to trigger a denial‑of‑service condition. The flaw allows an attacker to cause the application to read beyond the end of a buffer, leading to a crash or abrupt termination of the COMMGR2 process. The vulnerability maps to CWE‑125 (Out-of-bounds Read), a memory-safety weakness that typically stems from insufficient validation of input-derived lengths or offsets. Because the issue is not tied to authentication or privilege escalation, the impact is strictly limited to the availability of the affected service.

Affected Systems

DeltaWW COMMGR2 is affected on all platforms supported by Delta, including Windows variants. Any deployment of COMMGR2 prior to version 2.11.1 is vulnerable; the vendor recommends upgrading to v2.11.1 or later to receive the fix.

Risk and Exploitability

The CVSS base score of 7.5 signals high severity, driven by how easy the buffer over-read is to exploit once the attacker has network access to the COMMGR2 process. EPSS indicates a probability of less than 1%, suggesting that exploitation events are uncommon but possible. The vulnerability is not listed in the CISA KEV catalog, so there is limited evidence of widespread attacks. The likely attack path involves network contact with the exposed service; this conclusion is inferred from the description and is not explicitly confirmed. The attack could be performed without special credentials, which makes it a significant DoS threat.

Generated by OpenCVE AI on April 17, 2026 at 11:56 UTC.

Remediation

Vendor Solution

Please download and upgrade COMMGR2 to v2.11.1 or later.


OpenCVE Recommended Actions

  • Download and install Delta Electronics COMMGR2 version 2.11.1 or later to replace the vulnerable binaries.
  • Replace the existing COMMGR2 executables and configuration data with the upgraded package, ensuring the old files are removed or secured.
  • Restart the COMMGR2 service to load the patched version and verify that the service is running correctly.
  • Continuously monitor system logs and network traffic for signs of repeated over‑read attempts, such as unexpected crashes or abrupt terminations of the COMMGR2 process, and apply any additional vendor advisories when released.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:deltaww:commgr2:*:*:*:*:*:*:*:*

Mon, 09 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Mar 2026 03:30:00 +0000

Type Values Removed Values Added
Description Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability.
Title Buffer Over-read DoS Vulnerability in COMMGR2
First Time appeared Deltaww
Deltaww commgr2
Weaknesses CWE-125
CPEs cpe:2.3:a:deltaww:commgr2:*:*:windows:*:*:*:*:*
Vendors & Products Deltaww
Deltaww commgr2
References
Metrics cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-03-09T18:27:33.129Z

Reserved: 2026-03-06T06:46:15.699Z

Link: CVE-2026-3631

Vulnrichment

Updated: 2026-03-09T18:27:29.571Z

NVD

Status: Analyzed

Published: 2026-03-09T04:15:58.630

Modified: 2026-03-10T18:48:42.673

Link: CVE-2026-3631

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:00:11Z

Weaknesses