CVE-2022-2969
published 2022-12-01

Priority: P3 42
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 2.28% (81.0th percentile)

Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 use an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_industrial_automation | dialink | < 1.5.0.0 Beta 4 | 1.5.0.0 Beta 4 |
| deltaww | dialink | < 1.5.0.0 | 1.5.0.0 |
| deltaww | dialink | | |