ID

VAR-202504-1046


CVE

CVE-2025-3495


TITLE

Delta Electronics COMMGR Insufficient Randomization Authentication Bypass Vulnerability

Trust: 0.7

sources: ZDI: ZDI-25-397

DESCRIPTION

Delta Electronics COMMGR v1 and v2 use insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PLC simulator service, which listens on TCP port 8895 by default. An attacker can leverage this vulnerability to bypass authentication on the system. Delta Electronics COMMGR is communication management software from Delta Electronics, a Chinese company. Delta Electronics COMMGR has a code execution vulnerability. The vulnerability is caused by insufficient randomness in session ID generation.

Trust: 2.07

sources: NVD: CVE-2025-3495 // ZDI: ZDI-25-397 // CNVD: CNVD-2025-12376

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12376

AFFECTED PRODUCTS

vendor: delta, model: commgr, scope: -, version: -

Trust: 0.7

vendor: delta, model: industrial automation commgr, scope: eq, version: 1

Trust: 0.6

vendor: delta, model: industrial automation commgr, scope: eq, version: 2

Trust: 0.6

sources: ZDI: ZDI-25-397 // CNVD: CNVD-2025-12376

CVSS

SEVERITY

CVSSV2

CVSSV3

759f5e80-c8e1-4224-bead-956d7b33c98b: CVE-2025-3495
value: CRITICAL

Trust: 1.0

ZDI: CVE-2025-3495
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2025-12376
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-12376
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

759f5e80-c8e1-4224-bead-956d7b33c98b: CVE-2025-3495
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2025-3495
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-25-397 // CNVD: CNVD-2025-12376 // NVD: CVE-2025-3495

PROBLEMTYPE DATA

problemtype: CWE-338

Trust: 1.0

sources: NVD: CVE-2025-3495

PATCH

title: Delta Electronics has issued an update to correct this vulnerability.
url: https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-07

Trust: 0.7

title: Patch for Delta Electronics COMMGR Code Execution Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/697141

Trust: 0.6

sources: ZDI: ZDI-25-397 // CNVD: CNVD-2025-12376

EXTERNAL IDS

db: NVD, id: CVE-2025-3495

Trust: 2.3

db: ICS CERT, id: ICSA-25-105-07

Trust: 1.0

db: ZDI_CAN, id: ZDI-CAN-25049

Trust: 0.7

db: ZDI, id: ZDI-25-397

Trust: 0.7

db: CNVD, id: CNVD-2025-12376

Trust: 0.6

sources: ZDI: ZDI-25-397 // CNVD: CNVD-2025-12376 // NVD: CVE-2025-3495

REFERENCES

url: https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-07

Trust: 1.7

url: https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00005_commgr%20-%20insufficient%20randomization%20authentication%20bypass_v1.pdf

Trust: 1.6

sources: ZDI: ZDI-25-397 // CNVD: CNVD-2025-12376 // NVD: CVE-2025-3495

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-25-397

SOURCES

db: ZDI, id: ZDI-25-397
db: CNVD, id: CNVD-2025-12376
db: NVD, id: CVE-2025-3495

LAST UPDATE DATE

2025-06-20T23:21:54.562000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-25-397, date: 2025-06-17T00:00:00
db: CNVD, id: CNVD-2025-12376, date: 2025-06-13T00:00:00
db: NVD, id: CVE-2025-3495, date: 2025-04-16T13:25:37.340

SOURCES RELEASE DATE

db: ZDI, id: ZDI-25-397, date: 2025-06-17T00:00:00
db: CNVD, id: CNVD-2025-12376, date: 2025-06-13T00:00:00
db: NVD, id: CVE-2025-3495, date: 2025-04-16T03:15:17.530