CVE-2022-29733
MEDIUMDelta Controls enteliTOUCH 3.40.3935 3.40.3706 3.33.4005 - Cleartext Transmission of Sensitive Information
Title source: llmDescription
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.deltacontrols.com/
Exploit, Third Party Advisory x_refsource_misc
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5704.php
Scores
CVSS v3
5.9
EPSS
0.0066
EPSS Percentile
46.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (3)
deltacontrols/entelitouch_firmware
3.33.4005
deltacontrols/entelitouch_firmware
3.40.3706
deltacontrols/entelitouch_firmware
3.40.3935
Published
Jun 02, 2022
Tracked Since
Feb 18, 2026