Main Vulnerability Database Vulnerabilities #VU56130

#VU56130 Authentication bypass using an alternate path or channel in DIAEnergie - CVE-2021-32967

Published: August 27, 2021

Vulnerability identifier: #VU56130

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-32967

CWE-ID: CWE-288

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
DIAEnergie

Software vendor:
Delta Electronics, Inc.

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exist due to improper implementation of the authentication process. A remote attacker can add a new administrative user without being authenticated or authorized and log in and use the device with administrative privileges.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsa-21-238-03

#VU56130 Authentication bypass using an alternate path or channel in DIAEnergie - CVE-2021-32967

Description

Remediation

External links

Please verify you're human