CVE-2021-38424
MEDIUMDelta Electronics DIALink <1.2.4.0 - Code Injection
Title source: llmDescription
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02
Scores
CVSS v3
5.9
EPSS
0.0048
EPSS Percentile
37.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Details
CWE
CWE-1236
Status
published
Products (1)
deltaww/dialink
< 1.2.4.0
Published
Nov 03, 2021
Tracked Since
Feb 18, 2026