VAR-202209-1040
Vulnerability from variot - Updated: 2024-06-14 23:12Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to
1.9.03.009
have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. DIAEnergie The following vulnerabilities exist in. It was * Use hard-coded credentials (CWE-798) - CVE-2022-3214If the vulnerability is exploited, it may be affected as follows. It was * hard-coded by a remote third party Bearer The product may be accessed using your credentials. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIAEnergie. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the web service. An attacker can leverage this vulnerability to bypass authentication on the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-1040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "diaenergie",
"scope": null,
"trust": 2.8,
"vendor": "delta",
"version": null
},
{
"model": "diaenergie",
"scope": "lt",
"trust": 1.0,
"vendor": "deltaww",
"version": "1.9.03.009"
},
{
"model": "diaenergie",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "diaenergie",
"scope": "lt",
"trust": 0.8,
"vendor": "delta",
"version": "1.9.03.009 earlier"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1453"
},
{
"db": "ZDI",
"id": "ZDI-23-1531"
},
{
"db": "ZDI",
"id": "ZDI-23-1530"
},
{
"db": "ZDI",
"id": "ZDI-23-1529"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002366"
},
{
"db": "NVD",
"id": "CVE-2022-3214"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.9.03.009",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3214"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1531"
},
{
"db": "ZDI",
"id": "ZDI-23-1530"
},
{
"db": "ZDI",
"id": "ZDI-23-1529"
}
],
"trust": 2.1
},
"cve": "CVE-2022-3214",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-3214",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-3214",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2022-3214",
"trust": 2.8,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-3214",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-3214",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-1274",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1453"
},
{
"db": "ZDI",
"id": "ZDI-23-1531"
},
{
"db": "ZDI",
"id": "ZDI-23-1530"
},
{
"db": "ZDI",
"id": "ZDI-23-1529"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002366"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-1274"
},
{
"db": "NVD",
"id": "CVE-2022-3214"
},
{
"db": "NVD",
"id": "CVE-2022-3214"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Industrial Automation\u0027s DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to\u00a0\n\n1.9.03.009\n\n have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. DIAEnergie The following vulnerabilities exist in. It was * Use hard-coded credentials (CWE-798) - CVE-2022-3214If the vulnerability is exploited, it may be affected as follows. It was * hard-coded by a remote third party Bearer The product may be accessed using your credentials. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIAEnergie. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the web service. An attacker can leverage this vulnerability to bypass authentication on the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3214"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002366"
},
{
"db": "ZDI",
"id": "ZDI-22-1453"
},
{
"db": "ZDI",
"id": "ZDI-23-1531"
},
{
"db": "ZDI",
"id": "ZDI-23-1530"
},
{
"db": "ZDI",
"id": "ZDI-23-1529"
},
{
"db": "VULMON",
"id": "CVE-2022-3214"
}
],
"trust": 4.23
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-3214",
"trust": 6.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-256-03",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU96863801",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002366",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16858",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1453",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18855",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-23-1531",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18853",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-23-1530",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18857",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-23-1529",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202209-1274",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-3214",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1453"
},
{
"db": "ZDI",
"id": "ZDI-23-1531"
},
{
"db": "ZDI",
"id": "ZDI-23-1530"
},
{
"db": "ZDI",
"id": "ZDI-23-1529"
},
{
"db": "VULMON",
"id": "CVE-2022-3214"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002366"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-1274"
},
{
"db": "NVD",
"id": "CVE-2022-3214"
}
]
},
"id": "VAR-202209-1040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-06-14T23:12:29.345000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-256-03"
},
{
"title": "Download\u00a0Center Delta",
"trust": 0.8,
"url": "https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1\u0026q=diaenergie%20v1.9\u0026sort_expr=cdate\u0026sort_dir=desc"
},
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03"
},
{
"title": "Delta Electronics DIAEnergie Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=240385"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1453"
},
{
"db": "ZDI",
"id": "ZDI-23-1531"
},
{
"db": "ZDI",
"id": "ZDI-23-1530"
},
{
"db": "ZDI",
"id": "ZDI-23-1529"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002366"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-1274"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002366"
},
{
"db": "NVD",
"id": "CVE-2022-3214"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03"
},
{
"trust": 2.1,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-256-03"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96863801/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3214"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-3214/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1453"
},
{
"db": "ZDI",
"id": "ZDI-23-1531"
},
{
"db": "ZDI",
"id": "ZDI-23-1530"
},
{
"db": "ZDI",
"id": "ZDI-23-1529"
},
{
"db": "VULMON",
"id": "CVE-2022-3214"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002366"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-1274"
},
{
"db": "NVD",
"id": "CVE-2022-3214"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-1453"
},
{
"db": "ZDI",
"id": "ZDI-23-1531"
},
{
"db": "ZDI",
"id": "ZDI-23-1530"
},
{
"db": "ZDI",
"id": "ZDI-23-1529"
},
{
"db": "VULMON",
"id": "CVE-2022-3214"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002366"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-1274"
},
{
"db": "NVD",
"id": "CVE-2022-3214"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-21T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1453"
},
{
"date": "2023-10-05T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1531"
},
{
"date": "2023-10-05T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1530"
},
{
"date": "2023-10-05T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1529"
},
{
"date": "2022-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-3214"
},
{
"date": "2022-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002366"
},
{
"date": "2022-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-1274"
},
{
"date": "2022-09-16T19:15:10.087000",
"db": "NVD",
"id": "CVE-2022-3214"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-21T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1453"
},
{
"date": "2023-10-05T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1531"
},
{
"date": "2023-10-05T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1530"
},
{
"date": "2023-10-05T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1529"
},
{
"date": "2022-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-3214"
},
{
"date": "2024-06-13T02:21:00",
"db": "JVNDB",
"id": "JVNDB-2022-002366"
},
{
"date": "2023-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-1274"
},
{
"date": "2024-01-25T21:17:10.160000",
"db": "NVD",
"id": "CVE-2022-3214"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-1274"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta\u00a0Electronics\u00a0 Made \u00a0DIAEnergie\u00a0 Use of Hardcoded Credentials Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002366"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-1274"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…