cvelist/2022/0xxx/CVE-2022-0988.json

{
    "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2022-03-22T17:29:00.000Z",
        "ID": "CVE-2022-0988",
        "STATE": "PUBLIC",
        "TITLE": "Delta Electronics DIAEnergie CLEARTEXT Transmission of Sensitive Information"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "DIAEnergie",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "1.7.5"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Delta Electronics"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Michael Heinzl reported these vulnerabilities to CISA."
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-319 Cleartext Transmission of Sensitive Information"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03",
                "refsource": "CONFIRM",
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Delta Electronics has released an updated version of DIAEnergie and recommends users install v1.8.0 and later on all affected systems."
        }
    ],
    "source": {
        "advisory": "ICSA-21-238-03",
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2022-03-15 15:01:34 +00:00			`{`
			`"CVE_data_meta": {`
"-Synchronized-Data." 2022-03-25 19:01:20 +00:00			`"ASSIGNER": "ics-cert@hq.dhs.gov",`
			`"DATE_PUBLIC": "2022-03-22T17:29:00.000Z",`
"-Synchronized-Data." 2022-03-15 15:01:34 +00:00			`"ID": "CVE-2022-0988",`
"-Synchronized-Data." 2022-03-25 19:01:20 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "Delta Electronics DIAEnergie CLEARTEXT Transmission of Sensitive Information"`
"-Synchronized-Data." 2022-03-15 15:01:34 +00:00			`},`
"-Synchronized-Data." 2022-03-25 19:01:20 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "DIAEnergie",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_value": "1.7.5"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Delta Electronics"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Michael Heinzl reported these vulnerabilities to CISA."`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2022-03-15 15:01:34 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-03-25 19:01:20 +00:00			`"value": "Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product."`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 7.1,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "LOW",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-319 Cleartext Transmission of Sensitive Information"`
			`}`
			`]`
"-Synchronized-Data." 2022-03-15 15:01:34 +00:00			`}`
			`]`
"-Synchronized-Data." 2022-03-25 19:01:20 +00:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03"`
			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "Delta Electronics has released an updated version of DIAEnergie and recommends users install v1.8.0 and later on all affected systems."`
			`}`
			`],`
			`"source": {`
			`"advisory": "ICSA-21-238-03",`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2022-03-15 15:01:34 +00:00			`}`
			`}`