CVE-2022-26839

HIGH

Delta Electronics DIAEnergie <1.8.02.004 - Code Injection

Title source: llm
STIX 2.1

Description

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.

References (1)

Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_confirm
https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 13.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-276
Status published
Products (1)
deltaww/diaenergie < 1.8.02.004
Published Mar 29, 2022
Tracked Since Feb 18, 2026