Advisory

Multiple vulnerabilities reported in Delta Electronics DIALink, one critical

Take action: If you're using Delta Electronics DIALink industrial automation software, make sure it's isolated and accessible only from trusted networks. Then plan a quick upgrade to version 1.8.0.0 or later, because there's a flaw that completely bypasses all authentication. The flaw has maximum severity, so don't ignore this one.


Learn More

Delta Electronics has patched multiple security vulnerabilities in its DIALink industrial automation software that could allow attackers to bypass authentication mechanisms and gain unauthorized access to critical manufacturing systems.

Delta Electronics DIALink is an industrial automation server that offers solutions for monitoring, configuring, and maintaining industrial systems. Many engineering servers host credential material, PLC programs, or process recipes. Write access can change or insert files that control physical processes, creating safety and availability risks.

Vulnerabilities summary

  • CVE-2025-58321 (CVSS score 10.0) - Improper Limitation of Pathname to Restricted Directory. This path traversal vulnerability enables complete authentication bypass.
  • CVE-2025-58320 (CVSS score 7.3) - Improper Limitation of Pathname to Restricted Directory. This path traversal vulnerability allows attackers to bypass authentication mechanisms through directory traversal techniques.

The flaws affect all versions lower than DIALink V1.8.0.0. Delta Electronics recommends that users download and upgrade to DIALink v1.8.0.0 or later. The latest version can be found at the Delta Download Center.

Organizations are advised to prioritize upgrading to the latest version and maintain network segmentation and access controls as complementary security measures.
