var-202208-1663
Vulnerability from variot
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. Delta Electronics Provided by the company DIALink contains the following vulnerabilities: * Using hardcoded encryption keys (CWE-321) - CVE-2022-2660If the vulnerability is exploited, it may be affected as follows. It was * Sensitive encrypted data stored on the device may be decrypted by a remote third party. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIALink. Authentication is not required to exploit this vulnerability.The specific flaw exists within the authorization of requests to the server. The issue results from hardcoding crytographic keys within the product. An attacker can leverage this vulnerability to bypass authentication on the system. Delta Electronics Industrial Automation DIALink is an industrial automation IoT device from Delta Electronics, Taiwan, China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1663",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dialink",
"scope": "lte",
"trust": 1.0,
"vendor": "deltaww",
"version": "1.4.0.0"
},
{
"model": "dialink",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "dialink",
"scope": "lte",
"trust": 0.8,
"vendor": "delta",
"version": "v1.4.0.0 and earlier"
},
{
"model": "dialink",
"scope": null,
"trust": 0.7,
"vendor": "delta",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Y4er",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
}
],
"trust": 0.7
},
"cve": "CVE-2022-2660",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-2660",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-2660",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2660",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-2660",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2660",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-2660",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-2660",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2022-2660",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3794",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Industrial Automation DIALink versions 1.4.0.0 and prior are\u00a0vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. Delta Electronics Provided by the company DIALink contains the following vulnerabilities: * Using hardcoded encryption keys (CWE-321) - CVE-2022-2660If the vulnerability is exploited, it may be affected as follows. It was * Sensitive encrypted data stored on the device may be decrypted by a remote third party. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIALink. Authentication is not required to exploit this vulnerability.The specific flaw exists within the authorization of requests to the server. The issue results from hardcoding crytographic keys within the product. An attacker can leverage this vulnerability to bypass authentication on the system. Delta Electronics Industrial Automation DIALink is an industrial automation IoT device from Delta Electronics, Taiwan, China",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2660"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2660",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-22-235-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU99763068",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16889",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1166",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2660",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "VULMON",
"id": "CVE-2022-2660"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"id": "VAR-202208-1663",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6926407
},
"last_update_date": "2024-08-14T14:37:20.383000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Contact\u00a0Us",
"trust": 0.8,
"url": "https://www.deltaww.com/en/customerService"
},
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-02"
},
{
"title": "Delta Electronics Industrial Automation DIALink Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=217984"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-321",
"trust": 1.0
},
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded encryption keys (CWE-321) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-02"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99763068/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2660"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2660/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-235-02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "VULMON",
"id": "CVE-2022-2660"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"db": "VULMON",
"id": "CVE-2022-2660"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-24T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"date": "2022-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"date": "2022-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"date": "2022-12-13T22:15:09.910000",
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-24T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1166"
},
{
"date": "2024-05-31T09:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-002361"
},
{
"date": "2022-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3794"
},
{
"date": "2023-11-07T03:46:50.010000",
"db": "NVD",
"id": "CVE-2022-2660"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta\u00a0Electronics\u00a0 Made \u00a0DIALink\u00a0 Vulnerability of using hard-coded encryption keys in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002361"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3794"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…