ICSA-22-298-06 · Published 2023-02-16 · View on CISA ICS-CERT ↗

Delta Electronics DIAEnergie

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to inject arbitrary code to retrieve and modify database contents and execute system commands.

CVEs (14)

CVE-2022-41701 CVE-2022-40965 CVE-2022-41555 CVE-2022-41702 CVE-2022-41651 CVE-2022-40967 CVE-2022-41133 CVE-2022-41773 CVE-2022-41775 CVE-2022-43447 CVE-2022-43506 CVE-2022-43457 CVE-2022-43452 CVE-2023-0822

Remediations

Delta did not publicly release v1.9.01.002, v1.9.02.001, and v1.9.03.001, which address these vulnerabilities. Users are encouraged to contact Delta to receive these updates.

Affected Vendors

Delta Electronics

Affected Products (3)

Delta Electronics · DIAEnergie < 1.9.01.002

Delta Electronics · DIAEnergie < 1.9.02.001

Delta Electronics · DIAEnergie < 1.9.03.001

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more