Delta’s Dicey PRNG: Weak Randomness Rolls Out Red Carpet for Hackers!
Delta Electronics’ COMMGR software has a high-risk vulnerability caused by a weak pseudo-random number generator, which exposes it to remote code execution. While Version 1 is no longer supported, Delta plans to patch Version 2. Users should batten down their digital hatches and follow recommended security measures.

Hot Take:
Ah, the joys of technology—where your software management platform is as secure as a wet paper bag. Kudos to Delta Electronics for giving cybercriminals the equivalent of a skeleton key to their COMMGR software. It’s like they decided to hand out free passes to their virtual PLCs with “please don’t hack me” notes attached. But don’t worry, a fix is on the way… for Version 2, at least. Version 1 users, you’re on your own. Just remember, folks, in the world of cybersecurity, randomness is your friend. It’s too bad this PRNG didn’t get that memo.
Key Points:
- Delta Electronics’ COMMGR software is vulnerable due to a weak PRNG.
- All versions of COMMGR Version 1 and 2 are affected.
- Vulnerability allows remote execution of arbitrary code.
- COMMGR Version 1 has reached end of life; only Version 2 will receive fixes.
- Trend Micro’s ZDI reported the issue, with a CVSS v4 score of 9.3.
