CVE-2022-0988
published 2022-03-25CVE-2022-0988: Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow…
PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.50%
38.9th percentile
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | diaenergie | unspecified – 1.7.5 | — |
| deltaww | diaenergie | <= 1.7.5 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xjhw-6jx7-jr2f: Delta Electronics DIAEnergie (Version 1
ghsa_unreviewed·2022-03-26
CVE-2022-0988 [HIGH] CWE-319 GHSA-xjhw-6jx7-jr2f: Delta Electronics DIAEnergie (Version 1
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.
CISA ICS
Delta Electronics DIAEnergie (Update C)
cisa_ics·2022-03-22·CVSS 5.5
[MEDIUM] Delta Electronics DIAEnergie (Update C)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Delta Electronics DIAEnergie (Update C)
Last RevisedAugust 02, 2022
Alert CodeICSA-21-238-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: DIAEnergie
- Vulnerabilities: Use of Password Hash with Insufficient Computational Effort, Authentication Bypass Using an Alternate Path or Channel, Unrestricted Upload of File with Dangerous Type, SQL Injection, Cross-site Request Forgery, Cross-site Scripting, Cleartext Transmission of Sensitive Information
## 2. UPDATE INFORMATION
This updated ad
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-03-25
Published