πŸ” CVE Alert

CVE-2022-3214

CRITICAL 9.8

Delta Electronics DIAEnergy Use of Hard-coded Credentials

CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior toΒ  1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.

CWE CWE-798
Vendor delta electronics
Product diaenergy
Published Sep 16, 2022
Last Updated Aug 3, 2024
Stay Ahead of the Next One

Get instant alerts for delta electronics diaenergy

Be the first to know when new critical vulnerabilities affecting delta electronics diaenergy are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Delta Electronics / DIAEnergy
all < 1.9.03.009

References

NVD β†— CVE.org β†— EPSS Data β†—
cisa.gov: https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03

Credits

Y4er working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.