Delta Electronics DIAScreen
Monitor | CVSS 6.6 | ICS-CERT ICSA-25-280-01 | Oct 7, 2025
Delta Electronics
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Delta Electronics DIAScreen versions 1.6.0 and earlier contain a buffer overflow vulnerability (CWE-787) that could allow an attacker to write data outside of the allocated memory buffer. This vulnerability requires local access and user interaction to exploit.
What this means
What could happen
An attacker with local access to a system running DIAScreen could trigger a buffer overflow through social engineering (e.g., malicious email attachment), potentially causing the application to crash or execute arbitrary code with the privileges of the user running the software.
Who's at risk
This vulnerability affects organizations running Delta Electronics DIAScreen version 1.6.0 or earlier. DIAScreen is typically used in industrial automation and plant monitoring contexts. Any facility using this software for process visualization or control monitoring should apply the update.
How it could be exploited
An attacker must first gain local access to a system where DIAScreen is installed, then trigger the buffer overflow through user interaction—such as opening a malicious file or clicking a link that causes DIAScreen to process malformed input. This could allow code execution on the affected system.
Prerequisites
- Local access to a system running DIAScreen
- User interaction required (opening a malicious file or link)
- DIAScreen version 1.6.0 or earlier installed
requires user interaction, local access only, not remotely exploitable
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
DIAScreen: <=1.6.0 | ≤ 1.6.0 | 1.6.1
Remediation & Mitigation
Do now
HARDENING: Train users not to click web links or open attachments in unsolicited email messages
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update DIAScreen to version 1.6.1 or later