Lucene search

IcscertVULNRICHMENT:CVE-2024-28029

HistoryMar 21, 2024 - 10:04 p.m.

CVE-2024-28029 Delta Electronics DIAEnergie Improper Authorization

2024-03-2122:04:57

CWE-285

icscert

github.com

delta electronics

diaenergie

improper authorization

privileges verification

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:deltaww:diaenergie:-:*:*:*:*:*:*:*"
    ],
    "vendor": "deltaww",
    "product": "diaenergie",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.10.00.005",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-074-12

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-28029