CVE-2021-38424

MEDIUM

Delta Electronics DIALink <1.2.4.0 - Code Injection

Title source: llm

Description

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.

References (1)

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02

Scores

CVSS v3 5.9

EPSS 0.0011

EPSS Percentile 29.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Details

CWE

CWE-1236

Status published

Products (1)

deltaww/dialink < 1.2.4.0

Published Nov 03, 2021

Tracked Since Feb 18, 2026