Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to
1.9.03.009
have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-09-16T18:05:41
Updated: 2023-06-05T22:22:18.986Z
Reserved: 2022-09-14T00:00:00
Link: CVE-2022-3214
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-16T19:15:10.087
Modified: 2024-01-25T21:17:10.160
Link: CVE-2022-3214
JSON object: View
Redhat Information
No data.
CWE