PT-2022-13573 · Delta Electronics · Diaenergie
Michael Heinzl
·
Published
2022-03-25
·
Updated
2022-04-01
·
CVE-2022-0988
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Delta Electronics DIAEnergie versions 1.7.5 and prior
Description
The issue concerns cleartext transmission because the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.
Recommendations
For versions 1.7.5 and prior, consider configuring the web application to use HTTPS instead of HTTP to encrypt transmitted data. As a temporary workaround, restrict access to the web application to minimize the risk of exploitation.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Diaenergie