PT-2022-19806 · Delta Controls · Entelitouch
Gjoko Krstic · Published 2022-05-27 · Updated 2022-06-10
CVE-2022-29733
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Delta Controls enteliTOUCH versions 3.33.4005, 3.40.3706, 3.40.3935
Description
The issue allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack because sensitive information is transmitted and stored in cleartext.
Recommendations
For versions 3.33.4005, 3.40.3706, and 3.40.3935, consider disabling HTTP authentication until a patch is available to prevent man-in-the-middle attacks.
Restrict access to sensitive information to minimize the risk of exploitation.
Avoid using cleartext storage for sensitive data until the issue is resolved.
Weakness Enumeration
Cleartext Transmission of Sensitive Information
Affected Products
Entelitouch