PT-2021-20001 · Delta Electronics · Diaenergie

Published

2021-08-30

Updated

2022-07-02

CVE-2021-32967

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Delta Electronics DIAEnergie versions 1.7.5 and prior

Description The issue allows an attacker to add a new administrative user without being authenticated or authorized, potentially enabling the attacker to log in and use the device with administrative privileges.

Recommendations For Delta Electronics DIAEnergie versions 1.7.5 and prior, update to a version later than 1.7.5 to prevent unauthorized addition of administrative users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-288

Related Identifiers

CVE-2021-32967

Affected Products

Diaenergie

PT-2021-20001 · Delta Electronics · Diaenergie

CVE-2021-32967

Weakness Enumeration

Related Identifiers

Affected Products

References · 5