var-202209-1040
Vulnerability from variot
Delta Industrial Automation's DIAEnergie, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. The following vulnerability exists in DIAEnergie: * Use of hard-coded credentials (CWE-798) - CVE-2022-3214. If the vulnerability is exploited, the product may be affected as follows: * A remote third party may access the product using the hard-coded Bearer credentials. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIAEnergie. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the web service. An attacker can leverage this vulnerability to bypass authentication on the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1040", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "diaenergie", "scope": null, "trust": 2.8, "vendor": "delta", "version": null }, { "model": "diaenergie", "scope": "lt", "trust": 1.0, "vendor": "deltaww", "version": "1.9.03.009" }, { "model": "diaenergie", "scope": "eq", "trust": 0.8, "vendor": "delta", 
"version": null }, { "model": "diaenergie", "scope": "lt", "trust": 0.8, "vendor": "delta", "version": "1.9.03.009 earlier" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1453" }, { "db": "ZDI", "id": "ZDI-23-1531" }, { "db": "ZDI", "id": "ZDI-23-1530" }, { "db": "ZDI", "id": "ZDI-23-1529" }, { "db": "JVNDB", "id": "JVNDB-2022-002366" }, { "db": "NVD", "id": "CVE-2022-3214" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.9.03.009", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-3214" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-23-1531" }, { "db": "ZDI", "id": "ZDI-23-1530" }, { "db": "ZDI", "id": "ZDI-23-1529" } ], "trust": 2.1 }, "cve": "CVE-2022-3214", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], 
"cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-3214", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.8, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-3214", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-3214", "trust": 2.8, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2022-3214", "trust": 1.8, "value": "CRITICAL" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-3214", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202209-1274", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1453" }, { "db": "ZDI", "id": "ZDI-23-1531" }, { "db": "ZDI", "id": "ZDI-23-1530" }, { "db": "ZDI", "id": "ZDI-23-1529" }, { "db": "JVNDB", "id": "JVNDB-2022-002366" }, { "db": "CNNVD", "id": "CNNVD-202209-1274" }, { "db": "NVD", "id": 
"CVE-2022-3214" }, { "db": "NVD", "id": "CVE-2022-3214" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Delta Industrial Automation\u0027s DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to\u00a0\n\n1.9.03.009\n\n have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. DIAEnergie The following vulnerabilities exist in. It was * Use hard-coded credentials (CWE-798) - CVE-2022-3214If the vulnerability is exploited, it may be affected as follows. It was * hard-coded by a remote third party Bearer The product may be accessed using your credentials. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIAEnergie. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the web service. 
An attacker can leverage this vulnerability to bypass authentication on the system", "sources": [ { "db": "NVD", "id": "CVE-2022-3214" }, { "db": "JVNDB", "id": "JVNDB-2022-002366" }, { "db": "ZDI", "id": "ZDI-22-1453" }, { "db": "ZDI", "id": "ZDI-23-1531" }, { "db": "ZDI", "id": "ZDI-23-1530" }, { "db": "ZDI", "id": "ZDI-23-1529" }, { "db": "VULMON", "id": "CVE-2022-3214" } ], "trust": 4.23 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-3214", "trust": 6.1 }, { "db": "ICS CERT", "id": "ICSA-22-256-03", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU96863801", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-002366", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16858", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-1453", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-18855", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-1531", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-18853", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-1530", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-18857", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-1529", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202209-1274", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-3214", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1453" }, { "db": "ZDI", "id": "ZDI-23-1531" }, { "db": "ZDI", "id": "ZDI-23-1530" }, { "db": "ZDI", "id": "ZDI-23-1529" }, { "db": "VULMON", "id": "CVE-2022-3214" }, { "db": "JVNDB", "id": "JVNDB-2022-002366" }, { "db": "CNNVD", "id": "CNNVD-202209-1274" }, { "db": "NVD", "id": "CVE-2022-3214" } ] }, "id": "VAR-202209-1040", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { 
"db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-06-14T23:12:29.345000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Delta Electronics has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-256-03" }, { "title": "Download\u00a0Center Delta", "trust": 0.8, "url": "https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1\u0026q=diaenergie%20v1.9\u0026sort_expr=cdate\u0026sort_dir=desc" }, { "title": "Delta Electronics has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03" }, { "title": "Delta Electronics DIAEnergie Repair measures for trust management problem vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=240385" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1453" }, { "db": "ZDI", "id": "ZDI-23-1531" }, { "db": "ZDI", "id": "ZDI-23-1530" }, { "db": "ZDI", "id": "ZDI-23-1529" }, { "db": "JVNDB", "id": "JVNDB-2022-002366" }, { "db": "CNNVD", "id": "CNNVD-202209-1274" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-798", "trust": 1.0 }, { "problemtype": "Use hard-coded credentials (CWE-798) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002366" }, { "db": "NVD", "id": "CVE-2022-3214" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": [ { "trust": 3.2, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03" }, { "trust": 2.1, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-256-03" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu96863801/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3214" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-3214/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1453" }, { "db": "ZDI", "id": "ZDI-23-1531" }, { "db": "ZDI", "id": "ZDI-23-1530" }, { "db": "ZDI", "id": "ZDI-23-1529" }, { "db": "VULMON", "id": "CVE-2022-3214" }, { "db": "JVNDB", "id": "JVNDB-2022-002366" }, { "db": "CNNVD", "id": "CNNVD-202209-1274" }, { "db": "NVD", "id": "CVE-2022-3214" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-1453" }, { "db": "ZDI", "id": "ZDI-23-1531" }, { "db": "ZDI", "id": "ZDI-23-1530" }, { "db": "ZDI", "id": "ZDI-23-1529" }, { "db": "VULMON", "id": "CVE-2022-3214" }, { "db": "JVNDB", "id": "JVNDB-2022-002366" }, { "db": "CNNVD", "id": "CNNVD-202209-1274" }, { "db": "NVD", "id": "CVE-2022-3214" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-21T00:00:00", "db": "ZDI", "id": "ZDI-22-1453" }, { "date": "2023-10-05T00:00:00", "db": "ZDI", "id": "ZDI-23-1531" }, { "date": "2023-10-05T00:00:00", "db": "ZDI", "id": "ZDI-23-1530" }, { "date": "2023-10-05T00:00:00", "db": "ZDI", "id": "ZDI-23-1529" }, { "date": "2022-09-16T00:00:00", "db": "VULMON", "id": "CVE-2022-3214" }, { "date": "2022-09-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-002366" }, { "date": "2022-09-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-1274" }, { "date": "2022-09-16T19:15:10.087000", "db": "NVD", "id": "CVE-2022-3214" } ] }, 
"sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-21T00:00:00", "db": "ZDI", "id": "ZDI-22-1453" }, { "date": "2023-10-05T00:00:00", "db": "ZDI", "id": "ZDI-23-1531" }, { "date": "2023-10-05T00:00:00", "db": "ZDI", "id": "ZDI-23-1530" }, { "date": "2023-10-05T00:00:00", "db": "ZDI", "id": "ZDI-23-1529" }, { "date": "2022-09-16T00:00:00", "db": "VULMON", "id": "CVE-2022-3214" }, { "date": "2024-06-13T02:21:00", "db": "JVNDB", "id": "JVNDB-2022-002366" }, { "date": "2023-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-1274" }, { "date": "2024-01-25T21:17:10.160000", "db": "NVD", "id": "CVE-2022-3214" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-1274" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Delta\u00a0Electronics\u00a0 Made \u00a0DIAEnergie\u00a0 Use of Hardcoded Credentials Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002366" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-1274" } ], "trust": 0.6 } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.