CVE-2026-0975
Published 2026-01-16
CVE-2026-0975: Delta Electronics DIAView has Command Injection vulnerability.
Priority: P269 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.36% (68.2th percentile)
Delta Electronics DIAView has Command Injection vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | diaview | <= 4.2.0 | — |
| deltaww | diaview | < 4.4.0 | 4.4.0 |
Detection & IOCs (extracted from sources)
- Exploitation requires a victim to open a malicious DIAView project file; monitor for unexpected process/shell execution spawned from DIAView application processes
- DIAView project scripts can invoke shell commands; audit project script contents for unexpected shell command calls in DIAView v4.2.0 environments
- Vulnerability is local/user-interaction required (AV:L/UI:R); focus detection on suspicious DIAView project files delivered via email attachments or untrusted downloads
- Only DIAView version 4.2.0 is confirmed affected; version 4.4 and later are remediated
- Vulnerability is not remotely exploitable; attack vector is local with required user interaction, limiting exposure to scenarios where a victim manually opens a malicious project
- No known public exploitation has been reported at time of advisory publication
CISA ICS
Delta Electronics DIAView
cisa_ics·2026-01-22·CVSS 7.8
CVE-2026-0975 [HIGH] Delta Electronics DIAView
ICS Advisory
## Delta Electronics DIAView
Release Date: January 22, 2026
Alert Code: ICSA-26-022-07
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of this vulnerability could enable an attacker to execute arbitrary code.
The following versions of Delta Electronics DIAView are affected:
- DIAView (CVE-2026-0975)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 7.8 | Delta Electronics | Delta Electronics DIAView | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
## Background
- Critical Infrastructure Sectors: Chemical, Commercial Facilities, Critical Manufacturing, Energy, Transportation Systems, Water and Wastewater
- Countries/Areas Deployed: W
GHSA
GHSA-7xx5-w679-mjw9: Delta Electronics DIAView has Command Injection vulnerability
ghsa_unreviewed·2026-01-16
CVE-2026-0975 [HIGH] CWE-77 GHSA-7xx5-w679-mjw9: Delta Electronics DIAView has Command Injection vulnerability
Delta Electronics DIAView has Command Injection vulnerability.
No detection rules found.
No public exploits indexed.
Published: 2026-01-16