CVE-2022-29735

HIGH

Delta Controls enteliTOUCH 3.40.3935 3.40.3706 3.33.4005 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.deltacontrols.com/
Exploit, Third Party Advisory x_refsource_misc
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5702.php

Scores

CVSS v3 8.8
EPSS 0.0094
EPSS Percentile 56.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (3)
deltacontrols/entelitouch_firmware 3.33.4005
deltacontrols/entelitouch_firmware 3.40.3706
deltacontrols/entelitouch_firmware 3.40.3935
Published Jun 02, 2022
Tracked Since Feb 18, 2026