CVE-2022-0988

Published: Mar 25, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.

Affected (1)

Products: Deltaww: Diaenergie

Deltaww

1 product

Diaenergie

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Deltaww Diaenergie	Up to 1.7.5

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03

Source: ics-cert@hq.dhs.gov

MitigationPatchThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.