VAR-202504-1046
Vulnerability from variot - Updated: 2025-06-20 23:21Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics COMMGR. Authentication is not required to exploit this vulnerability.The specific flaw exists within the PLC simulator service, which listens on TCP port 8895 by default. An attacker can leverage this vulnerability to bypass authentication on the system. Delta Electronics COMMGR is a communication management software of Delta Electronics, a Chinese company.
Delta Electronics COMMGR has a code execution vulnerability. The vulnerability is caused by insufficient randomness in session ID generation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202504-1046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "commgr",
"scope": null,
"trust": 0.7,
"vendor": "delta",
"version": null
},
{
"model": "industrial automation commgr",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "1"
},
{
"model": "industrial automation commgr",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "2"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-397"
},
{
"db": "CNVD",
"id": "CNVD-2025-12376"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-397"
}
],
"trust": 0.7
},
"cve": "CVE-2025-3495",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-12376",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-3495",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-3495",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"id": "CVE-2025-3495",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2025-3495",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2025-12376",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-397"
},
{
"db": "CNVD",
"id": "CNVD-2025-12376"
},
{
"db": "NVD",
"id": "CVE-2025-3495"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics COMMGR v1 and v2\u00a0uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics COMMGR. Authentication is not required to exploit this vulnerability.The specific flaw exists within the PLC simulator service, which listens on TCP port 8895 by default. An attacker can leverage this vulnerability to bypass authentication on the system. Delta Electronics COMMGR is a communication management software of Delta Electronics, a Chinese company. \n\nDelta Electronics COMMGR has a code execution vulnerability. The vulnerability is caused by insufficient randomness in session ID generation",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3495"
},
{
"db": "ZDI",
"id": "ZDI-25-397"
},
{
"db": "CNVD",
"id": "CNVD-2025-12376"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-3495",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-25-105-07",
"trust": 1.0
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25049",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-25-397",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-12376",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-397"
},
{
"db": "CNVD",
"id": "CNVD-2025-12376"
},
{
"db": "NVD",
"id": "CVE-2025-3495"
}
]
},
"id": "VAR-202504-1046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12376"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12376"
}
]
},
"last_update_date": "2025-06-20T23:21:54.562000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-07"
},
{
"title": "Patch for Delta Electronics COMMGR Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/697141"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-397"
},
{
"db": "CNVD",
"id": "CNVD-2025-12376"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-338",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3495"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-07"
},
{
"trust": 1.6,
"url": "https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00005_commgr%20-%20insufficient%20randomization%20authentication%20bypass_v1.pdf"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-397"
},
{
"db": "CNVD",
"id": "CNVD-2025-12376"
},
{
"db": "NVD",
"id": "CVE-2025-3495"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-397"
},
{
"db": "CNVD",
"id": "CNVD-2025-12376"
},
{
"db": "NVD",
"id": "CVE-2025-3495"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-17T00:00:00",
"db": "ZDI",
"id": "ZDI-25-397"
},
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12376"
},
{
"date": "2025-04-16T03:15:17.530000",
"db": "NVD",
"id": "CVE-2025-3495"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-17T00:00:00",
"db": "ZDI",
"id": "ZDI-25-397"
},
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12376"
},
{
"date": "2025-04-16T13:25:37.340000",
"db": "NVD",
"id": "CVE-2025-3495"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics COMMGR Insufficient Randomization Authentication Bypass Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-397"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…