CVE-2022-26839— Delta Electronics DIAEnergie Incorrect Default Permissions
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-26839
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Delta Electronics DIAEnergie Incorrect Default Permissions
Source: NVD (National Vulnerability Database)
Vulnerability Description
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缺省权限不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Delta Electronics DIAEnergie 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Delta Electronics DIAEnergie是一个工业能源管理系统,用于实时监控和分析能源消耗、计算能源消耗和负载特性、优化设备性能、改进生产流程并最大限度地提高能源效率。 Delta Electronics DIAEnergie 存在安全漏洞,该漏洞源于受到DIAEnergie应用程序中不正确的默认权限的攻击。攻击者利用该漏洞植入新文件(如DLL)或替换现有的可执行文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Delta Electronics | DIAEnergie | unspecified ~ 1.8.02.004 | - |
II. Public POCs for CVE-2022-26839
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-26839
请登录查看更多情报信息。
- Delta Electronics DIAEnergie (Update C) | CISAx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2022-26839
Same Patch Batch · Delta Electronics · 2022-03-29 · 17 CVEs total
| CVE-2022-26059 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in GetQueryData |
| CVE-2022-25980 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in HandlerCommon.ashx |
| CVE-2022-25347 | 9.8 CRITICAL | Delta Electronics DIAEnergie Path Traversal |
| CVE-2022-26069 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in HandlerPage_KID.ashx |
| CVE-2022-0923 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in HandlerDialog_KID.ashx |
| CVE-2022-25880 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx |
| CVE-2022-26013 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in DIAE_dmdsetHandler.ashx |
| CVE-2022-26065 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in GetLatestDemandNode and GetDemandAnalysisDat |
| CVE-2022-26349 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in DIAE_eccoefficientHandler.ashx |
| CVE-2022-26836 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in HandlerExport.ashx/Calendar.ashx |
| CVE-2022-26666 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in HandlerDialogECC.ashx |
| CVE-2022-26887 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in DIAE_HandlerTag_KID.ashx |
| CVE-2022-26514 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in DIAE_tagHandler.ashx |
| CVE-2022-26338 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx |
| CVE-2022-26667 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in GetDemandAnalysisData |
| CVE-2022-27175 | 9.8 CRITICAL | Delta Electronics DIAEnergie SQL Injection in GetCalcTagList |
IV. Related Vulnerabilities
Same product: DIAEnergie
Same vendor: Delta Electronics
- CVE-2026-1361
ASDA-Soft Stack-based Buffer Overflow Vulnerability - CVE-2026-0975
DIAView - Command Injection Vulnerability - CVE-2025-62581
DIAView - Authentication Bypass Vulnerability - CVE-2025-62582
DIAView - Authentication Bypass Vulnerability - CVE-2025-15359
DVP-12SE11T - Out-of-bound memory write Vulnerability
Same weakness: CWE-276
- CVE-2026-0539
Local Privilege Escalation in pcvisit service client - CVE-2026-6823
HKUDS OpenHarness Insecure Default Remote Channel Allowlist - CVE-2026-6819
HKUDS OpenHarness Plugin Management Command Exposure - CVE-2026-39454
SKYSEA Client View 安全漏洞 - CVE-2026-30811
Missing Authorization in Configuration Ajax Endpoint leads t
V. Comments for CVE-2022-26839
No comments yet