ID

VAR-202209-1040


CVE

CVE-2022-3214


TITLE

Use of Hard-coded Credentials Vulnerability in Delta Electronics DIAEnergie

Trust: 0.8

sources: JVNDB: JVNDB-2022-002366

DESCRIPTION

Delta Industrial Automation's DIAEnergie, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.

The following vulnerability exists in DIAEnergie:
* Use of hard-coded credentials (CWE-798) - CVE-2022-3214

If the vulnerability is exploited, the impact may be as follows:
* A remote third party may access the product using the hard-coded Bearer credentials.

This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIAEnergie. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the web service. An attacker can leverage this vulnerability to bypass authentication on the system.

Trust: 4.23

sources: NVD: CVE-2022-3214 // JVNDB: JVNDB-2022-002366 // ZDI: ZDI-22-1453 // ZDI: ZDI-23-1531 // ZDI: ZDI-23-1530 // ZDI: ZDI-23-1529 // VULMON: CVE-2022-3214

AFFECTED PRODUCTS

vendor: delta, model: diaenergie, scope: -, version: -

Trust: 2.8

vendor: deltaww, model: diaenergie, scope: lt, version: 1.9.03.009

Trust: 1.0

vendor: delta, model: diaenergie, scope: eq, version: -

Trust: 0.8

vendor: delta, model: diaenergie, scope: lt, version: 1.9.03.009 earlier

Trust: 0.8

sources: ZDI: ZDI-22-1453 // ZDI: ZDI-23-1531 // ZDI: ZDI-23-1530 // ZDI: ZDI-23-1529 // JVNDB: JVNDB-2022-002366 // NVD: CVE-2022-3214

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2022-3214
value: CRITICAL

Trust: 2.8

NVD: CVE-2022-3214
value: CRITICAL

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2022-3214
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202209-1274
value: CRITICAL

Trust: 0.6

ZDI: CVE-2022-3214
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 2.8

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-3214
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-22-1453 // ZDI: ZDI-23-1531 // ZDI: ZDI-23-1530 // ZDI: ZDI-23-1529 // JVNDB: JVNDB-2022-002366 // CNNVD: CNNVD-202209-1274 // NVD: CVE-2022-3214 // NVD: CVE-2022-3214

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:Use hard-coded credentials (CWE-798) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-002366 // NVD: CVE-2022-3214

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-1274

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202209-1274

CONFIGURATIONS

sources: NVD: CVE-2022-3214

PATCH

title: Delta Electronics has issued an update to correct this vulnerability.
url: https://www.cisa.gov/news-events/ics-advisories/icsa-22-256-03

Trust: 2.1

title: Download Center Delta
url: https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1&q=diaenergie%20v1.9&sort_expr=cdate&sort_dir=desc

Trust: 0.8

title: Delta Electronics has issued an update to correct this vulnerability.
url: https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03

Trust: 0.7

title: Delta Electronics DIAEnergie Repair measures for trust management problem vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=240385

Trust: 0.6

sources: ZDI: ZDI-22-1453 // ZDI: ZDI-23-1531 // ZDI: ZDI-23-1530 // ZDI: ZDI-23-1529 // JVNDB: JVNDB-2022-002366 // CNNVD: CNNVD-202209-1274

EXTERNAL IDS

db: NVD, id: CVE-2022-3214

Trust: 6.1

db: ICS CERT, id: ICSA-22-256-03

Trust: 2.5

db: JVN, id: JVNVU96863801

Trust: 0.8

db: JVNDB, id: JVNDB-2022-002366

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-16858

Trust: 0.7

db: ZDI, id: ZDI-22-1453

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-18855

Trust: 0.7

db: ZDI, id: ZDI-23-1531

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-18853

Trust: 0.7

db: ZDI, id: ZDI-23-1530

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-18857

Trust: 0.7

db: ZDI, id: ZDI-23-1529

Trust: 0.7

db: CNNVD, id: CNNVD-202209-1274

Trust: 0.6

db: VULMON, id: CVE-2022-3214

Trust: 0.1

sources: ZDI: ZDI-22-1453 // ZDI: ZDI-23-1531 // ZDI: ZDI-23-1530 // ZDI: ZDI-23-1529 // VULMON: CVE-2022-3214 // JVNDB: JVNDB-2022-002366 // CNNVD: CNNVD-202209-1274 // NVD: CVE-2022-3214

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03

Trust: 3.2

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-256-03

Trust: 2.1

url:http://jvn.jp/vu/jvnvu96863801/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-3214

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-3214/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-22-1453 // ZDI: ZDI-23-1531 // ZDI: ZDI-23-1530 // ZDI: ZDI-23-1529 // VULMON: CVE-2022-3214 // JVNDB: JVNDB-2022-002366 // CNNVD: CNNVD-202209-1274 // NVD: CVE-2022-3214

CREDITS

Anonymous

Trust: 2.1

sources: ZDI: ZDI-23-1531 // ZDI: ZDI-23-1530 // ZDI: ZDI-23-1529

SOURCES

db: ZDI, id: ZDI-22-1453
db: ZDI, id: ZDI-23-1531
db: ZDI, id: ZDI-23-1530
db: ZDI, id: ZDI-23-1529
db: VULMON, id: CVE-2022-3214
db: JVNDB, id: JVNDB-2022-002366
db: CNNVD, id: CNNVD-202209-1274
db: NVD, id: CVE-2022-3214

LAST UPDATE DATE

2024-06-14T23:12:29.345000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-22-1453, date: 2022-10-21T00:00:00
db: ZDI, id: ZDI-23-1531, date: 2023-10-05T00:00:00
db: ZDI, id: ZDI-23-1530, date: 2023-10-05T00:00:00
db: ZDI, id: ZDI-23-1529, date: 2023-10-05T00:00:00
db: VULMON, id: CVE-2022-3214, date: 2022-09-16T00:00:00
db: JVNDB, id: JVNDB-2022-002366, date: 2024-06-13T02:21:00
db: CNNVD, id: CNNVD-202209-1274, date: 2023-06-06T00:00:00
db: NVD, id: CVE-2022-3214, date: 2024-01-25T21:17:10.160

SOURCES RELEASE DATE

db: ZDI, id: ZDI-22-1453, date: 2022-10-21T00:00:00
db: ZDI, id: ZDI-23-1531, date: 2023-10-05T00:00:00
db: ZDI, id: ZDI-23-1530, date: 2023-10-05T00:00:00
db: ZDI, id: ZDI-23-1529, date: 2023-10-05T00:00:00
db: VULMON, id: CVE-2022-3214, date: 2022-09-16T00:00:00
db: JVNDB, id: JVNDB-2022-002366, date: 2022-09-16T00:00:00
db: CNNVD, id: CNNVD-202209-1274, date: 2022-09-16T00:00:00
db: NVD, id: CVE-2022-3214, date: 2022-09-16T19:15:10.087