By admin
February 8, 2024
Critical Vulnerabilities in Delta Electronics DIALink Expose Industrial Systems to Unauthorized Access
Industrial companies are urged to heighten their vigilance following the discovery of two serious vulnerabilities in Delta Electronics’ DIALink industrial network software—a widely used solution for device management and network connectivity across factory automation environments, manufacturing facilities, and other critical infrastructure sectors.
Vulnerability Details
The two vulnerabilities have been identified as CVE-2025-58320 and CVE-2025-58321.
The first vulnerability, CVE-2025-58320, stems from insufficient directory path restrictions. This flaw enables attackers to exploit path traversal techniques to access sensitive files or data outside designated directories. The CVSS score for this vulnerability is 7.3, indicating a high-risk level.
More concerning, CVE-2025-58321 is a similar weakness but with a maximum severity score of 10.0 (Critical). This vulnerability allows attackers to bypass system authentication entirely, gain full access, and potentially manage or control industrial devices remotely without administrator approval.
Impact on Industry
Delta DIALink is commonly deployed within critical industrial networks—not only in manufacturing, but also in power generation plants, water utilities, and transportation systems. Exploiting these vulnerabilities could allow attackers to infiltrate internal networks, steal sensitive data, or even sabotage automation processes and operations within affected facilities.
If systems remain unpatched, such attacks could compromise data integrity, disrupt supply chains, and cause significant operational losses. The authentication bypass additionally opens pathways for malware or ransomware to spread across the entire OT (Operational Technology) network.
Who Is at Risk?
According to official advisories and security community reports, the affected versions include DIALink V1.6.0.0 and earlier. Thousands of organizations worldwide using older DIALink releases must take immediate mitigation steps to protect their critical networks.
Technical Recommendations
Delta Electronics has released critical updates—users are strongly urged to upgrade DIALink to version V1.8.0.0 or later. Security experts also recommend taking the following additional measures:
- Conduct a comprehensive security audit of all industrial networks
- Restrict access to industrial devices using firewalls and network segmentation
- Disable or limit direct remote access to DIALink devices unless absolutely necessary
- Ensure devices are not exposed directly to the public internet without added protection such as VPN
- Train IT teams and plant operators on potential impacts and early detection of attack attempts
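The following is an added example, not code from Delta Electronics or from the original article: it triages an asset inventory against the version boundaries stated above (V1.6.0.0 and earlier affected, V1.8.0.0 or later fixed). The inventory records, host names and priority scheme are assumptions; the article does not classify versions between those two boundaries, so the code flags them for confirmation instead of guessing.

```python
import re
from collections import namedtuple

# Version boundaries as stated in the article text.
LAST_AFFECTED = (1, 6, 0, 0)  # "DIALink V1.6.0.0 and earlier"
FIRST_FIXED = (1, 8, 0, 0)    # "upgrade DIALink to version V1.8.0.0 or later"

# Hypothetical inventory record: host name, reported version, internet exposure.
Host = namedtuple("Host", "name version internet_facing")

def parse_version(text):
    """Turn 'V1.6.0.0' or 'v1.8' into a 4-tuple of ints; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+){0,3})\s*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(host):
    """Return (status, priority); priority 1 is the most urgent."""
    v = parse_version(host.version)
    if v is None:
        return ("unknown-version", 2)  # cannot rule the host out
    if v >= FIRST_FIXED:
        return ("fixed", 4)
    if v <= LAST_AFFECTED:
        return ("affected", 1 if host.internet_facing else 2)
    # Between the boundaries the article says nothing: keep the host on the
    # list until its status is confirmed against the vendor advisory.
    return ("unconfirmed", 2 if host.internet_facing else 3)

def report(hosts):
    """Sort hosts by priority, then name, for a remediation worklist."""
    return sorted(((triage(h), h.name) for h in hosts),
                  key=lambda row: (row[0][1], row[1]))

# Constructed sample inventory (not real hosts).
INVENTORY = [
    Host("hmi-gw-01", "V1.6.0.0", True),
    Host("line3-eng", "V1.4.2.0", False),
    Host("scada-dmz", "V1.7.1.0", True),
    Host("lab-test", "V1.8.0.0", False),
    Host("packaging", "n/a", False),
]

if __name__ == "__main__":
    for (status, prio), name in report(INVENTORY):
        print(f"P{prio}  {name:<10}  {status}")
```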
Practical Tips to Secure Industrial Systems
- Never use factory-default passwords
- Enable multi-factor authentication where possible
- Regularly back up system configurations and critical data
- Review access logs frequently and enable alerts for unusual activities
Conclusion
Cyberattacks targeting industrial systems are becoming increasingly common and are now striking strategic points within the production chain. The Delta DIALink case reinforces the importance of regular updates and strict access controls on OT devices as essential defensive measures for industrial cybersecurity.