External risk intelligence

Delta AS320T can be taken over by attackers due to a file name flaw.

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-1950

An internal attacker can exploit a flaw in how the Delta Electronics AS320T handles file names to potentially gain administrative control or crash the system. This could lead to unauthorized modification of industrial control operations or disruption of critical services.

2

Halo Surface Signal

Deltaww As320t Firmware before 1.16

External exposure likelihood

Halo Surface Signal score for CVE-2026-1950

The affected product is an industrial control device typically deployed within protected operational technology networks. While it requires network connectivity for management, it is not designed for direct public internet exposure, and standard deployment patterns rely on internal network segmentation or isolation rather than public-facing connectivity.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in Delta Electronics AS320T allows for code execution by sending a specially crafted file name, potentially leading to system compromise. It's critical because it can be exploited remotely without any privileges.

  • Affects industrial control systems.
  • Enables remote code execution.
  • Complete system takeover is possible.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker could exploit this by uploading a specially crafted file name to the Delta AS320T. This could overwrite critical system files or crash the device, leading to a denial of service.

  • Network access required
  • File upload vulnerability
  • No authentication needed

Live Threat

Current exploitation, exposure, and threat context

This vulnerability involves a lack of buffer length checking when handling filenames, which could allow for code execution. While the impact is severe, the target product is an industrial control device that is not typically exposed to the public internet, suggesting a limited threat landscape for widespread exploitation.

  • No public exploit available.
  • Not listed as a KEV.
  • Affected product is industrial control.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize securing Delta AS320T devices due to a critical buffer overflow vulnerability allowing unauthenticated remote code execution. Investigate logs for signs of exploitation, and isolate affected devices from the network if they are accessible externally.

  • Block suspicious network traffic.
  • Isolate devices from the network.
  • Monitor for suspicious activity.

Frequently asked questions

What is the Delta Electronics AS320T device?

The Delta Electronics AS320T is a compact modular mid-range PLC (Programmable Logic Controller) used in various automated equipment for industries like electronics manufacturing, food packaging, and textile machines. It features high-performance CPUs and supports network communication protocols.

What kind of vulnerability does CVE-2026-1950 represent?

CVE-2026-1950 is a stack-based buffer overflow vulnerability, classified as CWE-121. This means it occurs when a program writes more data to a buffer on the stack than it can hold, potentially allowing an attacker to overwrite critical data or execute arbitrary code.

How can an attacker exploit CVE-2026-1950?

An attacker can exploit this by sending a specially crafted filename that exceeds the buffer's capacity when the AS320T processes file name inputs. This can occur without any authentication or user interaction, simply by sending a malicious request over the network.
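The missing length check described above, shown as an added C example that is not Delta's firmware code and not part of the original advisory: an unchecked file name copy beside a bounded one. The buffer size, the function names and the control-byte rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define NAME_BUF_SIZE 32  /* assumed size; the advisory does not give one */

enum name_status { NAME_OK = 0, NAME_EMPTY = -1, NAME_TOO_LONG = -2, NAME_BAD_BYTE = -3 };

/* Unsafe pattern (CWE-121): copies until the first NUL and never looks at
 * the size of dst, so a long name writes past the end of a stack buffer. */
void store_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: the length comes from the received byte count, is checked
 * against the destination size before any byte is written, and the result
 * is always NUL-terminated. On any failure dst is left as an empty string. */
enum name_status store_name_checked(char *dst, size_t dst_size,
                                    const unsigned char *src, size_t src_len)
{
    if (dst == NULL || dst_size == 0)
        return NAME_TOO_LONG;
    dst[0] = '\0';
    if (src == NULL || src_len == 0)
        return NAME_EMPTY;
    if (src_len >= dst_size)              /* one byte is reserved for NUL */
        return NAME_TOO_LONG;
    for (size_t i = 0; i < src_len; i++)  /* assumed extra rule: no NUL or control bytes */
        if (src[i] < 0x20 || src[i] == 0x7f)
            return NAME_BAD_BYTE;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return NAME_OK;
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    unsigned char oversized[64];          /* constructed sample input */
    memset(oversized, 'A', sizeof oversized);

    int ok = store_name_checked(name, sizeof name,
                                (const unsigned char *)"recipe.dat", 10) == NAME_OK
          && store_name_checked(name, sizeof name,
                                oversized, sizeof oversized) == NAME_TOO_LONG;
    return ok ? 0 : 1;                    /* exit status 0 when both checks hold */
}
```

Rejecting the oversized name outright, rather than truncating it, keeps two different long names from silently mapping to the same stored name.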

Is this vulnerability a concern for devices exposed to the internet?

Yes, this vulnerability is a concern for devices that may be exposed to the internet. While typically used in internal industrial networks, if an AS320T device has any internet-facing connectivity, it could be targeted by remote attackers.

What is the first step to protect Delta AS320T devices?

The immediate first step for organizations running Delta AS320T devices is to consult official advisories from Delta Electronics for any available patches or mitigation guidance. In the absence of immediate fixes, isolating these devices from external networks or implementing network segmentation can help reduce exposure.
