CVE-2026-9642
Delta Electronics · DIAView
A mitigation bypass vulnerability in Delta Electronics DIAView V4.4 allows unauthenticated remote attackers to access configured databases.
Executive summary
An unauthenticated remote database access vulnerability in Delta Electronics DIAView poses a critical risk of data compromise because a previous security patch can be bypassed.
Vulnerability
This issue is a mitigation bypass of CVE-2025-62582. An unauthenticated remote attacker can leverage this flaw to gain unauthorized access to databases within a DIAView project.
Business impact
Successful exploitation allows an unauthenticated attacker to bypass existing security controls and access sensitive database information. With a CVSS score of 9.8, this vulnerability represents a critical threat to data confidentiality and integrity, potentially leading to unauthorized data exfiltration or manipulation of industrial project data.
Remediation
Immediate Action: Review and re-apply security patches for DIAView and ensure the bypass for unauthenticated remote database access is fully addressed.
Proactive Monitoring: Audit system access logs for anomalous database connection attempts and monitor network traffic for unauthorized access patterns.
Compensating Controls: Restrict network access to database servers to trusted IP addresses only and ensure robust network segmentation is in place.
Exploitation status
Public Exploit Available: True
Analyst recommendation
Organizations utilizing Delta Electronics DIAView V4.4 must prioritize applying the latest security patches to remediate this bypass. Failure to address this vulnerability leaves critical database infrastructure exposed to unauthenticated remote attackers.