CVE-2022-3214

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions DIAEnergie versions prior to 1.9.03.009

Description The issue is related to the use of hard-coded credentials in the DIAEnergie industrial energy management system. This allows a remote attacker to execute arbitrary code by uploading executable files to certain directories using hard-coded bearer authorization.

Recommendations For versions prior to 1.9.03.009, update to version 1.9.03.009 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable directories to minimize the risk of exploitation. Avoid using hard-coded bearer authorization in the affected system until the issue is resolved.

Fix

RCE

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

BDU:2023-03081

CVE-2022-3214

ZDI-22-1453

ZDI-23-1529

ZDI-23-1530

ZDI-23-1531

Affected Products

Diaenergie

CVE-2022-3214

Weakness Enumeration

Related Identifiers

Affected Products

References · 12