ICSA-22-081-01 · Published 2022-04-28
Delta Electronics DIAEnergie (Update C)
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow remote code execution, causing a user to carry out an action unintentionally.
CVEs (29)
CVE-2022-25347
CVE-2022-26839
CVE-2022-26667
CVE-2022-1098
CVE-2022-26349
CVE-2022-26013
CVE-2022-26836
CVE-2022-0923
CVE-2022-26059
CVE-2022-26069
CVE-2022-27175
CVE-2022-25980
CVE-2022-26338
CVE-2022-26065
CVE-2022-26666
CVE-2022-26887
CVE-2022-25880
CVE-2022-26514
CVE-2022-1366
CVE-2022-1367
CVE-2022-1378
CVE-2022-1377
CVE-2022-1376
CVE-2022-1375
CVE-2022-1374
CVE-2022-1372
CVE-2022-1371
CVE-2022-1370
CVE-2022-1369
Remediations
- Delta Electronics has fixed the reported vulnerabilities and recommends users upgrade to version 1.9 or later.
- Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls and isolate them from the business network.
- Use an application firewall that can detect attacks against “Path Traversal” and “SQL Injection” weaknesses.
- Never connect programming software to any network other than the network intended for that device.
- When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing a VPN is only as secure as its connected devices.
Affected Vendors
Delta Electronics
Affected Products (1)
Delta Electronics · DIAEnergie < 1.9
Affected Sectors
Critical Manufacturing