Details of VAR-202405-0107

ID

VAR-202405-0107

CVE

CVE-2024-34033

TITLE

Delta Electronics DIAEnergie Path Traversal Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-01806

DESCRIPTION

Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten. Delta Electronics DIAEnergie is an industrial energy management system launched by Delta Electronics, a Taiwanese company

Trust: 1.44

sources: NVD: CVE-2024-34033 // CNVD: CNVD-2025-01806

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-01806

AFFECTED PRODUCTS

vendor:	deltaww	model:	diaenergie	scope:	eq	version:	1.10.00.005	Trust: 1.0
vendor:	delta	model:	electronics diaenergie	scope:	eq	version:	1.10.00.005	Trust: 0.6

sources: CNVD: CNVD-2025-01806 // NVD: CVE-2024-34033

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2024-34033
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-34033
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-01806
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-01806
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

ics-cert@hq.dhs.gov:	CVE-2024-34033
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2025-01806 // NVD: CVE-2024-34033 // NVD: CVE-2024-34033

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.0

sources: NVD: CVE-2024-34033

PATCH

title:

Patch for Delta Electronics DIAEnergie Path Traversal Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/652076

Trust: 0.6

sources: CNVD: CNVD-2025-01806

EXTERNAL IDS

db:	NVD	id:	CVE-2024-34033	Trust: 1.6
db:	ICS CERT	id:	ICSA-24-123-02	Trust: 1.6
db:	CNVD	id:	CNVD-2025-01806	Trust: 0.6

sources: CNVD: CNVD-2025-01806 // NVD: CVE-2024-34033

REFERENCES

url:

https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02

Trust: 1.6

sources: CNVD: CNVD-2025-01806 // NVD: CVE-2024-34033

SOURCES

db:	CNVD	id:	CNVD-2025-01806
db:	NVD	id:	CVE-2024-34033

LAST UPDATE DATE

2025-01-30T22:59:06.289000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-01806	date:	2025-01-20T00:00:00
db:	NVD	id:	CVE-2024-34033	date:	2025-01-30T14:32:24.690

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-01806	date:	2025-01-21T00:00:00
db:	NVD	id:	CVE-2024-34033	date:	2024-05-03T01:15:48.390