CVE-2022-26839

Published: Mar 29, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.

Affected (1)

Products: Deltaww: Diaenergie

Deltaww

1 product

Diaenergie

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Deltaww Diaenergie	Before 1.8.02.004

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.