VAR-202208-1663
Vulnerability from variot - Updated: 2024-06-02 22:52Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. Delta Electronics Provided by the company DIALink contains the following vulnerabilities: * Using hardcoded encryption keys (CWE-321) - CVE-2022-2660If the vulnerability is exploited, it may be affected as follows. It was * Sensitive encrypted data stored on the device may be decrypted by a remote third party. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIALink. Authentication is not required to exploit this vulnerability.The specific flaw exists within the authorization of requests to the server. The issue results from hardcoding crytographic keys within the product. An attacker can leverage this vulnerability to bypass authentication on the system. Delta Electronics Industrial Automation DIALink is an industrial automation IoT device from Delta Electronics, Taiwan, China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1663",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dialink",
"scope": "lte",
"trust": 1.0,
"vendor": "deltaww",
"version": "1.4.0.0"
},
{
"model": "dialink",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "dialink",
"scope": "lte",
"trust": 0.8,
"vendor": "delta",
"version": "v1.4.0.0 and earlier"
},
{
"model": "dialink",
"scope": null,
"trust": 0.7,
"vendor": "delta",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:deltaww:dialink:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.4.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Y4er",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
}
],
"trust": 0.7
},
"cve": "CVE-2022-2660",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2660",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-2660",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-2660",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-2660",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2022-2660",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3794",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Industrial Automation DIALink versions 1.4.0.0 and prior are\u00a0vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. Delta Electronics Provided by the company DIALink contains the following vulnerabilities: * Using hardcoded encryption keys (CWE-321) - CVE-2022-2660If the vulnerability is exploited, it may be affected as follows. It was * Sensitive encrypted data stored on the device may be decrypted by a remote third party. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIALink. Authentication is not required to exploit this vulnerability.The specific flaw exists within the authorization of requests to the server. The issue results from hardcoding crytographic keys within the product. An attacker can leverage this vulnerability to bypass authentication on the system. Delta Electronics Industrial Automation DIALink is an industrial automation IoT device from Delta Electronics, Taiwan, China",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2660"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2660",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-22-235-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU99763068",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16889",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1166",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2660",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "VULMON",
"id": "CVE-2022-2660"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"id": "VAR-202208-1663",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6926407
},
"last_update_date": "2024-06-02T22:52:16.286000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Contact\u00a0Us",
"trust": 0.8,
"url": "https://www.deltaww.com/en/customerservice"
},
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-02"
},
{
"title": "Delta Electronics Industrial Automation DIALink Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217984"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded encryption keys (CWE-321) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-02"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99763068/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2660"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2660/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-235-02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "VULMON",
"id": "CVE-2022-2660"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "VULMON",
"id": "CVE-2022-2660"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-24T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"date": "2022-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"date": "2022-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"date": "2022-12-13T22:15:09.910000",
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-24T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"date": "2024-05-31T09:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"date": "2022-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"date": "2023-11-07T03:46:50.010000",
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta\u00a0Electronics\u00a0 Made \u00a0DIALink\u00a0 Vulnerability of using hard-coded encryption keys in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…