CVE-2022-1098
Published 2022-04-01
Priority P336 · high · 7.8 · CVSS 3.1
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.24% (14.4th percentile)
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deltaww | diaenergie | < 1.8.02.004 | 1.8.02.004 |
| diaenerrgie | diaenergie | >= unspecified < 1.8.02.004 | 1.8.02.004 |
CVSS provenance
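| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |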
CISA ICS
Delta Electronics DIAEnergie (Update C)
cisa_ics·2022-04-28·CVSS 9.8
[CRITICAL] Delta Electronics DIAEnergie (Update C)
ICS Advisory
## Delta Electronics DIAEnergie (Update C)
Last Revised: August 02, 2022
Alert Code: ICSA-22-081-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: DIAEnergie
- Vulnerabilities: Path Traversal, Incorrect Default Permissions, SQL Injection, Uncontrolled Search Path Element
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-22-081-01 Delta Electronics DIAEnergie (Update B) that was published April 28, 2022, on the ICS webpage at cisa.gov/ics.
## 3. R
GHSA
GHSA-rj9r-9hqf-9323: Delta Electronics DIAEnergie (all versions prior to 1
ghsa_unreviewed·2022-04-03
CVE-2022-1098 [HIGH] CWE-427 GHSA-rj9r-9hqf-9323: Delta Electronics DIAEnergie (all versions prior to 1
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-04-01
Published