CVE-2024-25567
Published: 2024-03-21
Priority P349 · high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.66% (47.0th percentile)
A path traversal attack is possible, allowing an attacker to write outside of the intended directory and potentially access sensitive information. If a file name is specified that already exists on the file system, the original file will be overwritten.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | diaenergie | < v1.10.00.005 | v1.10.00.005 |
| deltaww | diaenergie | < 1.10.00.005 | 1.10.00.005 |
GHSA
GHSA-mgcc-v376-cqg5: Path traversal attack is possible and write outside of the intended directory and may access sensitive information
ghsa_unreviewed · 2024-03-22
CVE-2024-25567 [HIGH] CWE-22 GHSA-mgcc-v376-cqg5: Path traversal attack is possible and write outside of the intended directory and may access sensitive information
CISA ICS
Delta Electronics DIAEnergie
cisa_ics · 2024-03-14 · CVSS 8.8
[HIGH] Delta Electronics DIAEnergie
ICS Advisory
## Delta Electronics DIAEnergie
Release Date: March 14, 2024
Alert Code: ICSA-24-074-12
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely
- Vendor: Delta Electronics
- Equipment: DIAEnergie
- Vulnerabilities: Improper Authorization, SQL Injection, Path Traversal, Cross-site Scripting
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, disclose sensitive information, or disrupt system availability.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Delta Electronics products are affected:
- DIAEnergie: Versions prior to v1.10.00.005.
## 3.2 Vulnerability Overview
## 3.2.1 IMPROPER AUTHORIZATION CWE-602
Privileges are not fully verified