Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-25347— Delta Electronics DIAEnergie Path Traversal

CVSS 9.8 · Critical EPSS 0.64% · P71
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-25347

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Delta Electronics DIAEnergie Path Traversal
Source: NVD (National Vulnerability Database)
Vulnerability Description
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
路径遍历:’/absolute/pathname/here’
Source: NVD (National Vulnerability Database)
Vulnerability Title
Delta Electronics DIAEnergie路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Delta Electronics DIAEnergie是一个工业能源管理系统,用于实时监控和分析能源消耗、计算能源消耗和负载特性、优化设备性能、改进生产流程并最大限度地提高能源效率。 Delta Electronics DIAEnergie存在安全漏洞,该漏洞源于受影响的产品容易受到路径遍历攻击。攻击者利用该漏洞将任意文件写入系统。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Delta ElectronicsDIAEnergie unspecified ~ 1.8.02.004 -

II. Public POCs for CVE-2022-25347

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-25347

登录查看更多情报信息。

Same Patch Batch · Delta Electronics · 2022-03-29 · 17 CVEs total

CVE-2022-260599.8 CRITICALDelta Electronics DIAEnergie SQL Injection in GetQueryData
CVE-2022-259809.8 CRITICALDelta Electronics DIAEnergie SQL Injection in HandlerCommon.ashx
CVE-2022-260699.8 CRITICALDelta Electronics DIAEnergie SQL Injection in HandlerPage_KID.ashx
CVE-2022-09239.8 CRITICALDelta Electronics DIAEnergie SQL Injection in HandlerDialog_KID.ashx
CVE-2022-258809.8 CRITICALDelta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx
CVE-2022-260139.8 CRITICALDelta Electronics DIAEnergie SQL Injection in DIAE_dmdsetHandler.ashx
CVE-2022-260659.8 CRITICALDelta Electronics DIAEnergie SQL Injection in GetLatestDemandNode and GetDemandAnalysisDat
CVE-2022-263499.8 CRITICALDelta Electronics DIAEnergie SQL Injection in DIAE_eccoefficientHandler.ashx
CVE-2022-268369.8 CRITICALDelta Electronics DIAEnergie SQL Injection in HandlerExport.ashx/Calendar.ashx
CVE-2022-266669.8 CRITICALDelta Electronics DIAEnergie SQL Injection in HandlerDialogECC.ashx
CVE-2022-268879.8 CRITICALDelta Electronics DIAEnergie SQL Injection in DIAE_HandlerTag_KID.ashx
CVE-2022-265149.8 CRITICALDelta Electronics DIAEnergie SQL Injection in DIAE_tagHandler.ashx
CVE-2022-263389.8 CRITICALDelta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx
CVE-2022-266679.8 CRITICALDelta Electronics DIAEnergie SQL Injection in GetDemandAnalysisData
CVE-2022-271759.8 CRITICALDelta Electronics DIAEnergie SQL Injection in GetCalcTagList
CVE-2022-268397.8 HIGHDelta Electronics DIAEnergie Incorrect Default Permissions

IV. Related Vulnerabilities

Same product: DIAEnergie
Same vendor: Delta Electronics
Same weakness: CWE-37

V. Comments for CVE-2022-25347

No comments yet

Leave a comment