CVE-2024-28171
Published 2024-03-21
Priority P3 (46), high, 8.1 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.65% (46.3th percentile)
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | diaenergie | < v1.10.00.005 | v1.10.00.005 |
| deltaww | diaenergie | < 1.10.00.005 | 1.10.00.005 |
CISA ICS
Delta Electronics DIAEnergie
cisa_ics·2024-03-14·CVSS 8.8
[HIGH] Delta Electronics DIAEnergie
ICS Advisory
## Delta Electronics DIAEnergie
Release Date: March 14, 2024
Alert Code: ICSA-24-074-12
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely
- Vendor: Delta Electronics
- Equipment: DIAEnergie
- Vulnerabilities: Improper Authorization, SQL Injection, Path Traversal, Cross-site Scripting
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, disclose sensitive information, or disrupt system availability.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Delta Electronics products are affected:
- DIAEnergie: Versions prior to v1.10.00.005.
## 3.2 Vulnerability Overview
3.2.1 IMPROPER AUTHORIZATION CWE-602
Privileges are not fully verified
GHSA
GHSA-99h3-9g3j-xw8m: It is possible to perform a path traversal attack and write outside of the intended directory
ghsa_unreviewed·2024-03-22
CVE-2024-28171 [HIGH] CWE-22 GHSA-99h3-9g3j-xw8m: It is possible to perform a path traversal attack and write outside of the intended directory
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-03-21