Critical RCE in Delta Electronics AS320T Industrial Controllers

The National Vulnerability Database has issued a critical advisory for CVE-2026-1949, affecting Delta Electronics AS320T industrial controllers. This vulnerability stems from an incorrect calculation of buffer size on the stack within the web service’s GET/PUT request handler. With a CVSS score of 9.8, this flaw is highly severe, making these devices ripe for remote exploitation.

This isn’t just a bug; it’s a direct path to full system compromise. The attacker’s calculus here is simple: unauthenticated remote code execution (RCE) on critical infrastructure, often internet-exposed. The AV:N/AC:L/PR:N/UI:N vector means the flaw is reachable over the network with low attack complexity, no privileges, and no user interaction. This is as bad as it gets for exposed operational technology (OT).

For defenders, the implication is clear: unpatched AS320T devices are wide open. This vulnerability, categorized as CWE-131 (Incorrect Calculation of Buffer Size), allows an attacker to inject and execute arbitrary code, taking full control of industrial processes. This can lead to disruption, data manipulation, or even physical damage, depending on the controlled environment.
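To make the CWE-131 bug class concrete, the following is an added illustration, not code from the advisory or from Delta's firmware. It contrasts a size check that ignores part of what gets written to a stack buffer with a corrected one; `WEB_ROOT`, `PATH_BUF_LEN` and both function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define PATH_BUF_LEN 64                        /* constructed buffer size */
static const char WEB_ROOT[] = "/www/htdocs";  /* hypothetical path prefix */
_Static_assert(sizeof(WEB_ROOT) < PATH_BUF_LEN, "prefix must fit");

/* Flawed size check (CWE-131 pattern): compares only the URI length to the
 * buffer size, ignoring the prefix and the terminating NUL written with it. */
int flawed_check_accepts(size_t uri_len)
{
    return uri_len < PATH_BUF_LEN;
}

/* Corrected handler step: size the write as prefix + URI + NUL against the
 * real buffer, arranged so the subtraction cannot wrap. Returns the path
 * length, or -1 if the request must be rejected. */
int build_path_checked(const char *uri, size_t uri_len,
                       char *out, size_t out_len)
{
    char buf[PATH_BUF_LEN];                    /* stack buffer */
    const size_t root_len = sizeof(WEB_ROOT) - 1;

    if (uri_len > sizeof(buf) - root_len - 1)
        return -1;                             /* would not fit: reject */
    const size_t need = root_len + uri_len + 1;
    if (out == NULL || need > out_len)
        return -1;

    memcpy(buf, WEB_ROOT, root_len);
    memcpy(buf + root_len, uri, uri_len);
    buf[root_len + uri_len] = '\0';
    memcpy(out, buf, need);
    return (int)(need - 1);
}

int main(void)
{
    char out[PATH_BUF_LEN];
    /* A 53-byte URI passes the flawed check but needs 65 bytes of a 64-byte buffer. */
    return (flawed_check_accepts(53) &&
            build_path_checked("/index.html", 11, out, sizeof out) == 22) ? 0 : 1;
}
```

The corrected function rejects the 53-byte URI that the flawed check accepts, which is the gap between the size that was checked and the size that is actually written.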

What This Means For You

  • If your organization uses Delta Electronics AS320T industrial controllers, assume they are vulnerable. Immediately identify all instances, assess their network exposure, and prioritize patching or isolating them. Conduct a thorough audit of these devices for any signs of compromise, as unauthenticated RCE means attackers could already be inside.

Related ATT&CK Techniques

  • T1190 (Initial Access), severity high: Web Application Exploitation Attempt — CVE-2026-1949

Indicators of Compromise

ID | Type | Indicator
CVE-2026-1949 | Buffer Overflow | Delta Electronics AS320T
CVE-2026-1949 | Buffer Overflow | Incorrect calculation of buffer size on the stack
CVE-2026-1949 | Buffer Overflow | GET/PUT request handler of the web service

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 24, 2026 at 09:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
