CVE-2025-58321
Delta · Delta Electronics DIALink (Multiple Products)
Executive summary
A critical vulnerability has been identified in Delta Electronics DIALink software, which could allow an unauthenticated remote attacker to bypass security controls and gain full control of the affected system. Successful exploitation could lead to unauthorized access to sensitive data, system disruption, and complete compromise of industrial control systems where this software is deployed.
Vulnerability
This vulnerability is a directory traversal flaw that can be leveraged to bypass authentication. An unauthenticated remote attacker can send a specially crafted HTTP request containing directory traversal sequences (for example ../, or an encoded form such as ..%2f) to the DIALink web interface. By manipulating the path, the attacker can reach protected API endpoints or files outside the intended web root, effectively bypassing the authentication mechanism. A successful exploit grants the attacker administrative-level privileges, potentially leading to arbitrary code execution, full system access, and manipulation of connected industrial control processes.
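The following is an added illustration of the vulnerability class described above, not Delta DIALink's own code: an authentication exemption decided on the raw request path is defeated by a traversal sequence, and the hardened form canonicalizes the path before applying the same rule. The route prefixes, request paths and function names are hypothetical and constructed for this page.

```python
# Added illustration of the vulnerability class described above: an
# authentication exemption decided on the raw request path, defeated by
# directory traversal, beside the hardened form. This is generic example code
# written for this page; it is not Delta DIALink's implementation, and the
# route names and helper names are hypothetical.
import posixpath
from urllib.parse import unquote

# Hypothetical routes that are served without a session (login page, assets).
PUBLIC_PREFIXES = ("/login", "/static/")


def is_public_vulnerable(raw_path: str) -> bool:
    """Vulnerable check: compares the request path exactly as received.

    '/static/../api/admin' starts with '/static/', so the request skips
    authentication, yet the server resolves it to '/api/admin' when routing.
    """
    return raw_path.startswith(PUBLIC_PREFIXES)


def canonicalize(raw_path: str) -> str:
    """Reduce a request path to the form the server will actually route.

    Percent-decoding is applied twice so double-encoded sequences such as
    '..%252f' are unmasked, backslashes are folded to slashes, and '.'/'..'
    segments are collapsed with the result re-anchored at '/'. normpath also
    drops a trailing slash, so a bare '/static/' request fails closed here.
    """
    path = unquote(unquote(raw_path))
    path = path.replace("\\", "/")
    return posixpath.normpath("/" + path.lstrip("/"))


def is_public_hardened(raw_path: str) -> bool:
    """Hardened check: canonicalize first, then apply the prefix rule.

    Anything that escapes the public prefixes after normalization is treated
    as protected and must carry valid authentication.
    """
    return canonicalize(raw_path).startswith(PUBLIC_PREFIXES)


# Constructed requests: one benign, four traversal variants.
REQUESTS = [
    "/static/app.js",
    "/static/../api/admin",
    "/static/..%2f..%2fapi%2fadmin",
    "/static/..%252f..%252fapi/admin",
    "/static/..\\..\\api\\admin",
]


def compare(paths=REQUESTS) -> dict:
    """Return {path: (vulnerable_verdict, hardened_verdict, resolved_path)}."""
    return {
        p: (is_public_vulnerable(p), is_public_hardened(p), canonicalize(p))
        for p in paths
    }


if __name__ == "__main__":
    for path, (vuln, hard, resolved) in compare().items():
        print(f"{path:40} vulnerable={vuln!s:5} hardened={hard!s:5} -> {resolved}")
```

The vulnerable check answers True for every traversal variant because each string literally begins with the public prefix; the hardened check answers False for all of them and True only for the genuine asset request, because it compares what the path resolves to rather than how it was spelled.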
Business impact
With a CVSS score of 10.0, this vulnerability is of critical severity. Exploitation could lead to a complete compromise of the affected systems and the operational technology (OT) environments they manage. Potential consequences include the theft of sensitive operational data, manipulation of industrial processes causing production downtime or equipment damage, and significant safety risks to personnel. The business faces severe financial losses from operational disruption, remediation costs, and reputational damage.
Remediation
Immediate Action: Update all instances of Delta Electronics DIALink to the patched version recommended by the vendor. After patching, review web server and application access logs for any signs of past or ongoing exploitation attempts, specifically unusual URL patterns containing traversal sequences, including percent-encoded forms.
Proactive Monitoring: Implement continuous monitoring of systems running DIALink. Security teams should look for the following indicators of compromise:
- Logs: Scrutinize web access logs for HTTP requests containing directory traversal patterns such as ../, ..%2f, or ..\. Decode percent-encoding (including double-encoded forms such as ..%252f) before matching, since the logged request line may not contain a literal ../.
- Network Traffic: Monitor for unusual connections to the DIALink service from untrusted or external IP addresses. Deploy and update Intrusion Detection/Prevention System (IDS/IPS) signatures to detect and block this type of attack.
- System Behavior: Alert on unexpected processes spawned by the DIALink service, unauthorized file modifications, or anomalous outbound network connections from the host server.
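As an added example of the log review described above (not part of the original advisory), the script below scans web access log lines for traversal attempts, decoding percent-encoding (including double encoding) and backslash separators before matching, and reports the path the server would actually resolve along with the response status. The log lines are constructed for this example in Apache/nginx combined format; they are not DIALink logs, and the endpoint names in them are hypothetical.

```python
# Added example for the log-review guidance above: scan web access log lines
# for directory traversal attempts, decoding percent-encoding (including the
# double-encoded form) and backslash separators before matching, and report
# the path the server would actually resolve. The log lines are constructed
# for this example in Apache/nginx combined format; they are not DIALink logs,
# and the endpoint names in them are hypothetical.
import posixpath
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# A '..' that forms a whole path segment, checked after decoding.
DOTDOT_SEGMENT = re.compile(r"(^|/)\.\.(/|$)")

# Constructed sample log (combined format). Lines 3-6 are traversal variants;
# the last line contains '..' inside a segment name and must not be flagged.
SAMPLE_LOG = """\
10.0.5.21 - - [12/Sep/2025:08:14:02 +0000] "GET /login HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
10.0.5.21 - - [12/Sep/2025:08:14:05 +0000] "GET /static/app.js HTTP/1.1" 200 88213 "-" "Mozilla/5.0"
203.0.113.77 - - [12/Sep/2025:08:15:11 +0000] "GET /static/../api/admin/users HTTP/1.1" 200 4021 "-" "python-requests/2.31"
203.0.113.77 - - [12/Sep/2025:08:15:12 +0000] "GET /static/..%2f..%2fapi%2fconfig HTTP/1.1" 200 912 "-" "python-requests/2.31"
203.0.113.77 - - [12/Sep/2025:08:15:13 +0000] "GET /static/%252e%252e/api/admin HTTP/1.1" 200 912 "-" "python-requests/2.31"
203.0.113.77 - - [12/Sep/2025:08:15:14 +0000] "GET /static/..%5c..%5capi%5cadmin HTTP/1.1" 404 0 "-" "curl/8.4"
10.0.5.30 - - [12/Sep/2025:08:16:00 +0000] "GET /docs/v2../index.html HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""


@dataclass
class Finding:
    ip: str
    timestamp: str
    target: str          # request target exactly as logged
    resolved: str        # path after decoding and '..' collapsing
    status: int          # 200 on a traversal request deserves the most attention
    reasons: List[str] = field(default_factory=list)


def classify(line: str) -> Optional[Finding]:
    """Return a Finding if the logged request carries a traversal attempt."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw_path = urlsplit(m.group("target")).path
    once = unquote(raw_path)
    twice = unquote(once)               # unmask %252e -> %2e -> '.'
    decoded = twice.replace("\\", "/")  # treat ..\ like ../
    if not DOTDOT_SEGMENT.search(decoded):
        return None
    reasons = ["dot-dot segment after decoding"]
    if once != raw_path:
        reasons.append("percent-encoded")
    if twice != once:
        reasons.append("double-encoded")
    if "\\" in twice:
        reasons.append("backslash separator")
    return Finding(
        ip=m.group("ip"),
        timestamp=m.group("ts"),
        target=m.group("target"),
        resolved=posixpath.normpath("/" + decoded.lstrip("/")),
        status=int(m.group("status")),
        reasons=reasons,
    )


def scan(log_text: str) -> List[Finding]:
    """Classify every line and keep only the traversal findings, in log order."""
    return [f for f in (classify(line) for line in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ip} {f.timestamp} {f.status} {f.target} -> {f.resolved} "
              f"[{', '.join(f.reasons)}]")
```

Matching on the decoded path rather than the raw request line is what catches the ..%2f, %252e%252e and ..%5c variants; requiring '..' to be a complete segment is what keeps a benign name like v2.. from producing a false positive. A 200 response to a flagged request, as opposed to the 404 on the backslash attempt, is the line to escalate first.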
Compensating Controls: If patching is not immediately feasible, apply the following controls to mitigate risk:
- Network Segmentation: Isolate the DIALink hosts from the internet and other non-essential corporate networks.
- Access Control: Use a firewall or reverse proxy to restrict access to the DIALink interface, allowing connections only from trusted IP addresses.
- Web Application Firewall (WAF): Deploy a WAF with rules specifically designed to detect and block directory traversal attacks.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Due to the critical severity (CVSS 10.0) of this vulnerability, immediate action is required. This flaw allows for a complete, unauthenticated takeover of affected systems, posing a severe risk to operational technology (OT) environments. We strongly recommend that organizations immediately apply the vendor-supplied patches to all affected Delta Electronics DIALink instances. Although this CVE is not yet on the CISA KEV list, its critical nature makes it a prime candidate for future inclusion and widespread exploitation. If patching cannot be performed immediately, implement the recommended compensating controls, such as network segmentation and access restrictions, to reduce the attack surface.