Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DELTA_ELECTRONICS_DIALINK_JWT_KEY.NBINHistoryOct 05, 2022 - 12:00 a.m.
Delta Electronics DIALink Known Cryptographic Key Authentication Bypass (CVE-2022-2660)
2022-10-0500:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
58
delta electronics
dialink
cryptographic key
authentication bypass
cve-2022-2660
binary data
scanner
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
54.8%
The Delta Electronics DIALink running on the remote host uses a known cryptographic key. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to bypass authentication to perform otherwise restricted operations.
Binary data delta_electronics_dialink_jwt_key.nbinRelated
prion
prion
Hardcoded credentials
2022-12-13 22:15:00
zdi
zdi
ics
ics
Delta Industrial Automation DIALink
2022-08-24 12:00:00
nvd
nvd
CVE-2022-2660
2022-12-13 22:15:09
cve
cve
CVE-2022-2660
2022-12-13 22:15:09
cvelist
cvelist
CVE-2022-2660
2022-12-13 21:26:57
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
54.8%
Related for DELTA_ELECTRONICS_DIALINK_JWT_KEY.NBIN