CVE-2022-3214

Summary

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 

1.9.03.009

have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.

Affected Software

VendorProductVersion RangeStatus
Delta ElectronicsDIAEnergyall < 1.9.03.009affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

References