Details of VAR-202111-0248

ID

VAR-202111-0248

CVE

CVE-2021-38422

TITLE

Delta Electronics DIALink Vulnerability in plaintext storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014640

DESCRIPTION

Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. Delta Electronics DIALink There is a vulnerability in plaintext storage of important information.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DIALink is a device networking platform launched by Delta Electronics, which can effectively manage CNC machine tools and PLC control machines, collect field device data and connect with the upper management platform through a unified interface, and provide visual information to reflect process parameters and equipment work

Trust: 2.16

sources: NVD: CVE-2021-38422 // JVNDB: JVNDB-2021-014640 // CNVD: CNVD-2021-84836

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-84836

AFFECTED PRODUCTS

vendor:	deltaww	model:	dialink	scope:	lte	version:	1.2.4.0	Trust: 1.0
vendor:	delta	model:	dialink	scope:	eq	version:	-	Trust: 0.8
vendor:	delta	model:	dialink	scope:	lte	version:	1.2.4.0 and earlier	Trust: 0.8
vendor:	delta	model:	electronics dialink	scope:	lte	version:	<=1.2.4.0	Trust: 0.6

sources: CNVD: CNVD-2021-84836 // JVNDB: JVNDB-2021-014640 // NVD: CVE-2021-38422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-38422
value:	HIGH
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-38422
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-38422
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-84836
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202110-1529
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-38422
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-84836
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-38422
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-014640
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-84836 // JVNDB: JVNDB-2021-014640 // CNNVD: CNNVD-202110-1529 // NVD: CVE-2021-38422 // NVD: CVE-2021-38422

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-014640 // NVD: CVE-2021-38422

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-1529

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-1529

PATCH

title:

Top Page

url:

https://www.deltaww.com/en-US/index

Trust: 0.8

sources: JVNDB: JVNDB-2021-014640

EXTERNAL IDS

db:	NVD	id:	CVE-2021-38422	Trust: 3.8
db:	ICS CERT	id:	ICSA-21-294-02	Trust: 3.0
db:	JVN	id:	JVNVU94767496	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-014640	Trust: 0.8
db:	CNVD	id:	CNVD-2021-84836	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3528	Trust: 0.6
db:	CS-HELP	id:	SB2021102209	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-1529	Trust: 0.6

sources: CNVD: CNVD-2021-84836 // JVNDB: JVNDB-2021-014640 // CNNVD: CNNVD-202110-1529 // NVD: CVE-2021-38422

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02	Trust: 2.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-38422	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu94767496/	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-21-294-02	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021102209	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3528	Trust: 0.6

sources: CNVD: CNVD-2021-84836 // JVNDB: JVNDB-2021-014640 // CNNVD: CNNVD-202110-1529 // NVD: CVE-2021-38422

CREDITS

Michael Heinzl reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202110-1529

SOURCES

db:	CNVD	id:	CNVD-2021-84836
db:	JVNDB	id:	JVNDB-2021-014640
db:	CNNVD	id:	CNNVD-202110-1529
db:	NVD	id:	CVE-2021-38422

LAST UPDATE DATE

2024-08-14T13:53:47.616000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-84836	date:	2022-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-014640	date:	2022-10-21T07:58:00
db:	CNNVD	id:	CNNVD-202110-1529	date:	2021-11-11T00:00:00
db:	NVD	id:	CVE-2021-38422	date:	2021-11-05T15:09:39.340

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-84836	date:	2021-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-014640	date:	2022-10-21T00:00:00
db:	CNNVD	id:	CNNVD-202110-1529	date:	2021-10-21T00:00:00
db:	NVD	id:	CVE-2021-38422	date:	2021-11-03T20:15:08.773