CVE-2024-34033
Published: 2024-05-03
Priority: P3 · 53 · high · 8.8 CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.00% (58.4th percentile)
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | diaenergie | — | — |
| deltaww | diaenergie | — | — |
CISA ICS
Delta Electronics DIAEnergie
cisa_ics·2024-05-02·CVSS 8.8
[HIGH] Delta Electronics DIAEnergie
ICS Advisory
## Delta Electronics DIAEnergie
Release Date: May 02, 2024
Alert Code: ICSA-24-123-02
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: DIAEnergie
- Vulnerabilities: SQL Injection, Path Traversal
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an authenticated attacker with limited privileges to escalate privileges, retrieve confidential information, upload arbitrary files, backdoor the application, and compromise the system on which DIAEnergie is deployed.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Delta Electronics DIAEnergie, an industrial energy management system, are affected:
-
GHSA
GHSA-45fx-8598-pqhv: Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the int
ghsa_unreviewed·2024-05-03
CVE-2024-34033 [HIGH] CWE-22 GHSA-45fx-8598-pqhv: Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the int
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.