Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DELTA_ELECTRONICS_DIALINK_JWT_KEY.NBINHistoryOct 05, 2022 - 12:00 a.m.
Delta Electronics DIALink Known Cryptographic Key Authentication Bypass (CVE-2022-2660)
2022-10-0500:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
46
delta electronics
dialink
cryptographic key
authentication bypass
cve-2022-2660
binary data
scanner
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
54.9%
The Delta Electronics DIALink running on the remote host uses a known cryptographic key. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to bypass authentication to perform otherwise restricted operations.
Binary data delta_electronics_dialink_jwt_key.nbinRelated
prion
prion
Hardcoded credentials
2022-12-13 22:15:00
ics
ics
Delta Industrial Automation DIALink
2022-08-24 12:00:00
zdi
zdi
cve
cve
CVE-2022-2660
2022-12-13 22:15:09
cvelist
cvelist
CVE-2022-2660
2022-12-13 21:26:57
nvd
nvd
CVE-2022-2660
2022-12-13 22:15:09
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
54.9%
Related for DELTA_ELECTRONICS_DIALINK_JWT_KEY.NBIN