Sign-up

ID

VAR-202111-0278


CVE

CVE-2021-38403


TITLE

Delta Electronics DIALink  Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014634

DESCRIPTION

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code. Delta Electronics DIALink Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. DIALink is a device networking platform launched by Delta Electronics, which can effectively manage CNC machine tools and PLC control machines, collect field device data and connect with the upper management platform through a unified interface, and provide visual information to reflect process parameters and equipment work. state. DIALink 1.2.4.0 and earlier versions have a cross-site scripting vulnerability

Trust: 2.16

sources: NVD: CVE-2021-38403 // JVNDB: JVNDB-2021-014634 // CNVD: CNVD-2021-84839

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-84839

AFFECTED PRODUCTS

vendor:deltawwmodel:dialinkscope:lteversion:1.2.4.0

Trust: 1.0

vendor:deltamodel:dialinkscope:eqversion: -

Trust: 0.8

vendor:deltamodel:dialinkscope:lteversion:1.2.4.0 and earlier

Trust: 0.8

vendor:deltamodel:electronics dialinkscope:lteversion:<=1.2.4.0

Trust: 0.6

sources: CNVD: CNVD-2021-84839 // JVNDB: JVNDB-2021-014634 // NVD: CVE-2021-38403

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-38403
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-38403
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-38403
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-84839
value: LOW

Trust: 0.6

CNNVD: CNNVD-202110-1541
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-38403
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-84839
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-38403
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-38403
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2021-38403
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-84839 // JVNDB: JVNDB-2021-014634 // CNNVD: CNNVD-202110-1541 // NVD: CVE-2021-38403 // NVD: CVE-2021-38403

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-014634 // NVD: CVE-2021-38403

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1541

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202110-1541

PATCH

title:Top Pageurl:https://www.deltaww.com/en-US/index

Trust: 0.8

sources: JVNDB: JVNDB-2021-014634

EXTERNAL IDS

db:NVDid:CVE-2021-38403

Trust: 3.8

db:ICS CERTid:ICSA-21-294-02

Trust: 3.0

db:JVNid:JVNVU94767496

Trust: 0.8

db:JVNDBid:JVNDB-2021-014634

Trust: 0.8

db:CNVDid:CNVD-2021-84839

Trust: 0.6

db:AUSCERTid:ESB-2021.3528

Trust: 0.6

db:CS-HELPid:SB2021102209

Trust: 0.6

db:CNNVDid:CNNVD-202110-1541

Trust: 0.6

sources: CNVD: CNVD-2021-84839 // JVNDB: JVNDB-2021-014634 // CNNVD: CNNVD-202110-1541 // NVD: CVE-2021-38403

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02

Trust: 2.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-38403

Trust: 1.4

url:https://jvn.jp/vu/jvnvu94767496/

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-294-02

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021102209

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3528

Trust: 0.6

sources: CNVD: CNVD-2021-84839 // JVNDB: JVNDB-2021-014634 // CNNVD: CNNVD-202110-1541 // NVD: CVE-2021-38403

CREDITS

Michael Heinzl reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202110-1541

SOURCES

db:CNVDid:CNVD-2021-84839
db:JVNDBid:JVNDB-2021-014634
db:CNNVDid:CNNVD-202110-1541
db:NVDid:CVE-2021-38403

LAST UPDATE DATE

2024-08-14T13:53:51.211000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-84839date:2022-01-18T00:00:00
db:JVNDBid:JVNDB-2021-014634date:2022-10-21T07:58:00
db:CNNVDid:CNNVD-202110-1541date:2021-11-16T00:00:00
db:NVDid:CVE-2021-38403date:2021-11-05T13:43:49.683

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-84839date:2021-11-08T00:00:00
db:JVNDBid:JVNDB-2021-014634date:2022-10-21T00:00:00
db:CNNVDid:CNNVD-202110-1541date:2021-10-21T00:00:00
db:NVDid:CVE-2021-38403date:2021-11-03T20:15:08.397