Sign-up

ID

VAR-202601-2333


CVE

CVE-2026-0975


TITLE

Delta Electronics, INC. of DIAView Command injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-001607

DESCRIPTION

Delta Electronics DIAView has Command Injection vulnerability. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAView. User interaction is required to exploit this vulnerability in that the target must open and run a malicious project.The specific flaw exists within the DIAView script component. The issue results from the lack of restrictions on script in DIAView projects. An attacker can leverage this vulnerability to execute code in the context of the current process

Trust: 2.25

sources: NVD: CVE-2026-0975 // JVNDB: JVNDB-2026-001607 // ZDI: ZDI-26-049

AFFECTED PRODUCTS

vendor:deltamodel:diaviewscope: - version: -

Trust: 1.5

vendor:deltawwmodel:diaviewscope:ltversion:4.4.0

Trust: 1.0

vendor:deltamodel:diaviewscope:eqversion: -

Trust: 0.8

vendor:deltamodel:diaviewscope:eqversion:4.4.0

Trust: 0.8

sources: ZDI: ZDI-26-049 // JVNDB: JVNDB-2026-001607 // NVD: CVE-2026-0975

CVSS

SEVERITY

CVSSV2

CVSSV3

759f5e80-c8e1-4224-bead-956d7b33c98b: CVE-2026-0975
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2026-0975
value: CRITICAL

Trust: 1.0

NVD: CVE-2026-0975
value: CRITICAL

Trust: 0.8

ZDI: CVE-2026-0975
value: HIGH

Trust: 0.7

759f5e80-c8e1-4224-bead-956d7b33c98b: CVE-2026-0975
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-0975
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2026-0975
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2026-0975
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-26-049 // JVNDB: JVNDB-2026-001607 // NVD: CVE-2026-0975 // NVD: CVE-2026-0975

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-001607 // NVD: CVE-2026-0975

PATCH

title:VulnbyCola/Tenda/AX-1806/9/1.md at main  0-fool/VulnbyCola  GitHuburl:https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00002_DIAView%20-Exposed%20Dangerous%20Method%20Remote%20Code%20Execution%20(CVE-2026-0975).pdf

Trust: 0.8

title:Delta Electronics has issued an update to correct this vulnerability.url:https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-07

Trust: 0.7

sources: ZDI: ZDI-26-049 // JVNDB: JVNDB-2026-001607

EXTERNAL IDS

db:NVDid:CVE-2026-0975

Trust: 3.3

db:JVNDBid:JVNDB-2026-001607

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-27093

Trust: 0.7

db:ZDIid:ZDI-26-049

Trust: 0.7

sources: ZDI: ZDI-26-049 // JVNDB: JVNDB-2026-001607 // NVD: CVE-2026-0975

REFERENCES

url:https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2026-00002_diaview%20-exposed%20dangerous%20method%20remote%20code%20execution%20(cve-2026-0975).pdf

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-0975

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-07

Trust: 0.7

sources: ZDI: ZDI-26-049 // JVNDB: JVNDB-2026-001607 // NVD: CVE-2026-0975

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-26-049

SOURCES

db:ZDIid:ZDI-26-049
db:JVNDBid:JVNDB-2026-001607
db:NVDid:CVE-2026-0975

LAST UPDATE DATE

2026-01-30T23:57:43.661000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-26-049date:2026-01-28T00:00:00
db:JVNDBid:JVNDB-2026-001607date:2026-01-22T02:28:00
db:NVDid:CVE-2026-0975date:2026-01-20T19:20:21.723

SOURCES RELEASE DATE

db:ZDIid:ZDI-26-049date:2026-01-28T00:00:00
db:JVNDBid:JVNDB-2026-001607date:2026-01-22T00:00:00
db:NVDid:CVE-2026-0975date:2026-01-16T06:15:51.187