1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: DIAView
- Vulnerability: Improper Limitation of a Pathname to a Restricted Directory
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow a remote attacker to read or write files on the affected device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Delta Electronics reports the following versions of DIAView industrial automation management system for providing real-time system control are affected:
- DIAView: Versions 4.2.0.0
3.2 VULNERABILITY OVERVIEW
3.2.1 Improper Limitation of a Pathname to a Restricted Directory CWE-22
Delta Electronics DIAView is vulnerable to a path traversal vulnerability, which may allow an attacker to read or write files remotely on the system.
CVE-2025-53417 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-53417. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Chemical, Commercial Facilities, Critical Manufacturing, Energy, Transportation Systems, Water and Wastewater Systems
- <
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: