ICS: Delta Electronics COMMGR Vulnerability

Severity

High

Analysis Summary

CVE-2025-3495

Delta Electronics COMMGR uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.

Impact

Code Execution

Indicators of Compromise

CVE

CVE-2025-3495

Affected Vendors

Delta Electronics

Affected Products

Delta Electronics COMMGR V1- V2

Remediation

Upgrade to the latest version of COMMGR, available from the Delta Security Advisory.

Delta Security Advisory

CVE-2025-46762 – Apache Parquet Vulnerability

Multiple Linux Kernel Vulnerabilities

ICS: Delta Electronics COMMGR Vulnerability

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan