CVE-2022-25347

CRITICAL

Delta Electronics DIAEnergie < 1.8.02.004 - Path Traversal and Arbitrary File Write

Title source: llm
STIX 2.1

Description

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

References (1)

Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_confirm
https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01

Scores

CVSS v3 9.8
EPSS 0.0063
EPSS Percentile 70.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-37 CWE-22
Status published
Products (1)
deltaww/diaenergie < 1.8.02.004
Published Mar 29, 2022
Tracked Since Feb 18, 2026