Details of VAR-202403-0784

ID

VAR-202403-0784

CVE

CVE-2024-28029

TITLE

Delta Electronics, INC. of DIAEnergie Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-003020

DESCRIPTION

Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. Delta Electronics, INC. of DIAEnergie Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Delta Electronics DIAEnergie is an industrial energy management system from Taiwan's Delta Electronics, used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency

Trust: 2.16

sources: NVD: CVE-2024-28029 // JVNDB: JVNDB-2024-003020 // CNVD: CNVD-2024-29664

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-29664

AFFECTED PRODUCTS

vendor:	deltaww	model:	diaenergie	scope:	lt	version:	1.10.00.005	Trust: 1.0
vendor:	delta	model:	diaenergie	scope:	eq	version:	-	Trust: 0.8
vendor:	delta	model:	diaenergie	scope:	-	version:	-	Trust: 0.8
vendor:	delta	model:	diaenergie	scope:	eq	version:	1.10.00.005	Trust: 0.8
vendor:	delta	model:	electronics diaenergie	scope:	lt	version:	1.10.00.005	Trust: 0.6

sources: CNVD: CNVD-2024-29664 // JVNDB: JVNDB-2024-003020 // NVD: CVE-2024-28029

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2024-28029
value:	HIGH
Trust: 1.8
ics-cert@hq.dhs.gov:	CVE-2024-28029
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2024-29664
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-29664
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

NVD:
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2024-28029
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-29664 // JVNDB: JVNDB-2024-003020 // NVD: CVE-2024-28029 // NVD: CVE-2024-28029

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-003020 // NVD: CVE-2024-28029

PATCH

title:

Patch for Delta Electronics DIAEnergie Authorization Issue Vulnerability (CNVD-2024-29664)

url:

https://www.cnvd.org.cn/patchinfo/show/563811

Trust: 0.6

sources: CNVD: CNVD-2024-29664

EXTERNAL IDS

db:	NVD	id:	CVE-2024-28029	Trust: 3.2
db:	ICS CERT	id:	ICSA-24-074-12	Trust: 2.4
db:	JVN	id:	JVNVU97802107	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-003020	Trust: 0.8
db:	CNVD	id:	CNVD-2024-29664	Trust: 0.6

sources: CNVD: CNVD-2024-29664 // JVNDB: JVNDB-2024-003020 // NVD: CVE-2024-28029

REFERENCES

url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu97802107/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-28029	Trust: 0.8

sources: CNVD: CNVD-2024-29664 // JVNDB: JVNDB-2024-003020 // NVD: CVE-2024-28029

SOURCES

db:	CNVD	id:	CNVD-2024-29664
db:	JVNDB	id:	JVNDB-2024-003020
db:	NVD	id:	CVE-2024-28029

LAST UPDATE DATE

2024-07-05T22:56:12.136000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-29664	date:	2024-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2024-003020	date:	2024-03-27T00:47:00
db:	NVD	id:	CVE-2024-28029	date:	2024-03-25T16:06:44.403

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-29664	date:	2024-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2024-003020	date:	2024-03-27T00:00:00
db:	NVD	id:	CVE-2024-28029	date:	2024-03-21T22:15:11.353