Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiY4erZDI-23-671
HistoryMay 17, 2023 - 12:00 a.m.

Delta Industrial Automation DIALink Directory Traversal Arbitrary File Creation Vulnerability

2023-05-1700:00:00
Y4er
www.zerodayinitiative.com
7
remote attack
arbitrary file creation
authentication bypass
opcua endpoint
web service
tcp port 5000

0.001 Low

EPSS

Percentile

46.5%

JSON

This vulnerability allows remote attackers to create arbitrary files on affected installations of Delta Industrial Automation DIALink. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the opcua endpoint of the web service, which listens on TCP port 5000 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of the web service.

Related

ics 1
prion 1
cvelist 1
nvd 1
cve 1
thn 1
ics
ics
Delta Industrial Automation DIALink
2022-11-03 12:00:00
prion
prion
Design/Logic Flaw
2022-12-01 18:15:00
cvelist
cvelist
CVE-2022-2969 ICSA-22-307-03 Delta Industrial Automation DIALink Path traversal
2022-12-01 17:08:19
nvd
nvd
CVE-2022-2969
2022-12-01 18:15:10
cve
cve
CVE-2022-2969
2022-12-01 18:15:10
thn
thn
CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software
2022-11-04 10:01:00

0.001 Low

EPSS

Percentile

46.5%

JSON
Related for ZDI-23-671
ics1prion1cvelist1nvd1cve1thn1