← back
CVE-2022-26839

Delta Electronics DIAEnergie Incorrect Default Permissions

CVSS 7.8 HIGHEPSS 0.2%CWE-276
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
29 Mar 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Delta Electronics · DIAEnergie

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01