5 matches found
CVE-2022-3214
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing...
Delta Electronics DIAEnergie Hard-coded JWT Key (CVE-2022-3214)
Binary data deltaelectronicsdiaenergiecve-2022-3214.nbin...
Important: golang-github-gorilla-context
Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...
Delta Electronics DIAEnergie
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Use of Hard-coded Credentials 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled...
CVE-2022-3214
CVE-2022-3214 affects Delta Electronics DIAEnergie. Vulnerable in DIAEnergie before version 1.9.03.009 due to CWE-798 hard-coded credentials; an unauthenticated attacker could upload executables via a hard-coded bearer authorization, enabling remote code execution. CVSS v3.1 base score 9.8 (Netwo...