Delta Electronics DIALink
Act Now | 10 | ICS-CERT ICSA-25-259-07 | Sep 16, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
DIALink versions v1.6.0.0 and earlier contain an authentication bypass vulnerability that could allow an attacker to gain unauthorized access to the system. The vulnerability is triggered through network access and requires no user interaction or valid credentials. Successful exploitation could lead to unauthorized system access and control of connected industrial equipment.
What this means
What could happen
An attacker could bypass authentication controls on DIALink, potentially gaining unauthorized access to the system and the ability to modify or disrupt Delta Electronics process control operations.
Who's at risk
Manufacturing facilities, chemical plants, power systems, and water utilities using Delta Electronics DIALink for process monitoring and control. This particularly affects organizations relying on DIALink for supervisory access to PLCs and industrial equipment.
How it could be exploited
An attacker with network access to a DIALink system running v1.6.0.0 or earlier could exploit the authentication bypass vulnerability to gain unauthorized access without valid credentials, allowing command execution or configuration changes on the connected control system.
Prerequisites
- Network access to DIALink system port/interface
- Target system running DIALink v1.6.0.0 or earlier
Tags: remotely exploitable, no authentication required, low complexity, critical severity (CVSS 10), affects control system access
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
DIALink | ≤ V1.6.0.0 | v1.8.0.0 or later
Remediation & Mitigation
Do now
- HARDENING: Do not expose DIALink systems directly to the Internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade DIALink to v1.8.0.0 or later
Long-term hardening
- HARDENING: Place DIALink systems behind a firewall and isolate from business network
- HARDENING: Implement network segmentation to restrict access to DIALink systems
- HARDENING: Use secure remote access methods such as VPN if remote access to DIALink is required
CVEs (2)
API:
/api/v1/advisories/5c5a85d5-86bf-443c-bfe1-1d571abf4b81