← back
CVE-2021-38424

Delta Electronics DIALink

CVSS 5.9 MEDIUMEPSS 0.5%CWE-1236
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.9EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
03 Nov 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Affected products
Delta Electronics · DIALink

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02