ID

VAR-202203-0059


CVE

CVE-2022-0988


TITLE

Delta Electronics, INC.  of  DIAEnergie  Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-007360

DESCRIPTION

Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. Delta Electronics, INC. of DIAEnergie Contains a vulnerability in the transmission of important information in clear text.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-0988 // JVNDB: JVNDB-2022-007360

AFFECTED PRODUCTS

vendor:deltawwmodel:diaenergiescope:lteversion:1.7.5

Trust: 1.0

vendor:deltamodel:diaenergiescope:lteversion:1.7.5 and earlier

Trust: 0.8

vendor:deltamodel:diaenergiescope: - version: -

Trust: 0.8

vendor:deltamodel:diaenergiescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-007360 // NVD: CVE-2022-0988

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-0988
value: HIGH

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2022-0988
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202203-1972
value: HIGH

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-0988
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov:
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-0988
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-007360 // NVD: CVE-2022-0988 // NVD: CVE-2022-0988 // CNNVD: CNNVD-202203-1972

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:Sending important information in clear text (CWE-319) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-007360 // NVD: CVE-2022-0988

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-1972

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-1972

CONFIGURATIONS

sources: NVD: CVE-2022-0988

EXTERNAL IDS

db:NVDid:CVE-2022-0988

Trust: 3.2

db:ICS CERTid:ICSA-21-238-03

Trust: 2.4

db:JVNDBid:JVNDB-2022-007360

Trust: 0.8

db:CNNVDid:CNNVD-202203-1972

Trust: 0.6

sources: JVNDB: JVNDB-2022-007360 // NVD: CVE-2022-0988 // CNNVD: CNNVD-202203-1972

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-0988

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-0988/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03

Trust: 0.6

sources: JVNDB: JVNDB-2022-007360 // NVD: CVE-2022-0988 // CNNVD: CNNVD-202203-1972

CREDITS

Michael Heinzl reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202203-1972

SOURCES

db:JVNDBid:JVNDB-2022-007360
db:NVDid:CVE-2022-0988
db:CNNVDid:CNNVD-202203-1972

LAST UPDATE DATE

2023-12-18T11:02:33.827000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-007360date:2023-07-13T08:30:00
db:NVDid:CVE-2022-0988date:2022-04-01T12:24:18.417
db:CNNVDid:CNNVD-202203-1972date:2022-04-06T00:00:00

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-007360date:2023-07-13T00:00:00
db:NVDid:CVE-2022-0988date:2022-03-25T19:15:10.460
db:CNNVDid:CNNVD-202203-1972date:2022-03-22T00:00:00