Sign-up

ID

VAR-202206-2028


CVE

CVE-2022-33005


TITLE

Delta Electronics, INC.  of  DIAEnergie  Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-012342

DESCRIPTION

A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. Delta Electronics, INC. of DIAEnergie Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency

Trust: 2.25

sources: NVD: CVE-2022-33005 // JVNDB: JVNDB-2022-012342 // CNNVD: CNNVD-202206-2636 // VULMON: CVE-2022-33005

AFFECTED PRODUCTS

vendor:deltawwmodel:diaenergiescope:eqversion:1.08.00

Trust: 1.0

vendor:deltamodel:diaenergiescope:eqversion:1.08.00

Trust: 0.8

vendor:deltamodel:diaenergiescope:eqversion: -

Trust: 0.8

vendor:deltamodel:diaenergiescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-012342 // NVD: CVE-2022-33005

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-33005
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202206-2636
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-33005
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2022-33005
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-33005
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-33005 // JVNDB: JVNDB-2022-012342 // NVD: CVE-2022-33005 // CNNVD: CNNVD-202206-2636

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-012342 // NVD: CVE-2022-33005

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2636

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202206-2636

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-33005

EXTERNAL IDS
db:NVDid:CVE-2022-33005
Trust: 3.3
db:JVNDBid:JVNDB-2022-012342
Trust: 0.8
db:CNNVDid:CNNVD-202206-2636
Trust: 0.6
db:VULMONid:CVE-2022-33005
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-33005 // 
            
            
            
            JVNDB: JVNDB-2022-012342 // 
            
            
            
            NVD: CVE-2022-33005 // 
            
            
            
            CNNVD: CNNVD-202206-2636

REFERENCES
url:https://github.com/zhuoniba/delta-diaenergie-xss
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2022-33005
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-33005/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-33005 // 
            
            
            
            JVNDB: JVNDB-2022-012342 // 
            
            
            
            NVD: CVE-2022-33005 // 
            
            
            
            CNNVD: CNNVD-202206-2636

SOURCES
db:VULMONid:CVE-2022-33005
db:JVNDBid:JVNDB-2022-012342
db:NVDid:CVE-2022-33005
db:CNNVDid:CNNVD-202206-2636

LAST UPDATE DATE
2023-12-18T12:15:33.585000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2022-33005date:2022-07-06T00:00:00
db:JVNDBid:JVNDB-2022-012342date:2023-08-29T08:02:00
db:NVDid:CVE-2022-33005date:2022-07-06T19:58:05.327
db:CNNVDid:CNNVD-202206-2636date:2022-07-07T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2022-33005date:2022-06-27T00:00:00
db:JVNDBid:JVNDB-2022-012342date:2023-08-29T00:00:00
db:NVDid:CVE-2022-33005date:2022-06-27T21:15:08.580
db:CNNVDid:CNNVD-202206-2636date:2022-06-27T00:00:00