Vulnerability Details CVE-2022-3214
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to
1.9.03.009
have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.8%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-3214
-
cpe:2.3:a:deltaww:diaenergie:-
-
cpe:2.3:a:deltaww:diaenergie:1.08.00
-
cpe:2.3:a:deltaww:diaenergie:1.7.5
-
cpe:2.3:a:deltaww:diaenergie:1.8.0
-
cpe:2.3:a:deltaww:diaenergie:1.8.02.004
-
cpe:2.3:a:deltaww:diaenergie:1.9.0
-
cpe:2.3:a:deltaww:diaenergie:1.9.01.001
-
cpe:2.3:a:deltaww:diaenergie:1.9.01.002
-
cpe:2.3:a:deltaww:diaenergie:1.9.03.001