We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.
Reserved 2025-04-10 | Published 2025-04-16 | Updated 2025-04-16 | Assigner DeltawwCWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
2024-12-16: | Reported |
2025-04-15: | Advisory v1 published; Still working on fixing the vulnerability |
filecenter.deltaww.com/...ation Authentication Bypass_v1.pdf
www.cisa.gov/news-events/ics-advisories/icsa-25-105-07
Support options