CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2022-3214

CVSS 9.8v3.1pub. 2022-09-16upd. 2026-02-25

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior toΒ  1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Deltaww Diaenergie

    APP
    Deltaww
    < 1.9.03.009
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-43699CRITICAL9.3PL βœ“ten sam produkt

SQL Injection w Delta Electronics DIAEnergie β€” dostΔ™p do danych bez uwierzytelnienia

CVE-2024-4547CRITICAL9.8PL βœ“ten sam produkt

SQL Injection w Delta Electronics DIAEnergie β€” nieuwierzytelniony dostΔ™p zdalny

CVE-2024-4548CRITICAL9.8PL βœ“ten sam produkt

SQL Injection w Delta Electronics DIAEnergie via RecalculateHDMWYC

CVE-2022-43775CRITICAL9.8ten sam produkt

The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an atta...

CVE-2022-43774CRITICAL9.8ten sam produkt

The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow ...

CVE-2022-3214 β€” Deltaww β€” Diaenergie β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl