CVE-2022-3214

Description

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Version 1.8.0 and prior have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.

Related CPE's

a deltaww diaenergie ********

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03

Third Party AdvisoryUS Government Resource

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io