Details of VAR-202508-2118

ID

VAR-202508-2118

CVE

CVE-2025-57702

TITLE

Delta Electronics, INC. of DIAEnergie Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-012090

DESCRIPTION

DIAEnergie - Reflected Cross-site Scripting. Delta Electronics, INC. It is used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics DIAEnergie suffers from a cross-site scripting vulnerability caused by improper validation of user-supplied input. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2025-57702 // JVNDB: JVNDB-2025-012090 // CNVD: CNVD-2025-22955

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-22955

AFFECTED PRODUCTS

vendor:	deltaww	model:	diaenergie	scope:	lt	version:	1.11.01.001	Trust: 1.0
vendor:	delta	model:	diaenergie	scope:	-	version:	-	Trust: 0.8
vendor:	delta	model:	diaenergie	scope:	eq	version:	1.11.01.001	Trust: 0.8
vendor:	delta	model:	diaenergie	scope:	eq	version:	-	Trust: 0.8
vendor:	delta	model:	electronics diaenergie	scope:	lte	version:	<=1.11.00.002	Trust: 0.6

sources: CNVD: CNVD-2025-22955 // JVNDB: JVNDB-2025-012090 // NVD: CVE-2025-57702

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-57702
value:	MEDIUM
Trust: 1.0
759f5e80-c8e1-4224-bead-956d7b33c98b:	CVE-2025-57702
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2025-57702
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-22955
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-22955
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2025-57702
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2025-57702
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-22955 // JVNDB: JVNDB-2025-012090 // NVD: CVE-2025-57702 // NVD: CVE-2025-57702

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-012090 // NVD: CVE-2025-57702

PATCH

title:

Patch for Delta Electronics DIAEnergie Cross-Site Scripting Vulnerability (CNVD-2025-22955)

url:

https://www.cnvd.org.cn/patchInfo/show/738746

Trust: 0.6

sources: CNVD: CNVD-2025-22955

EXTERNAL IDS

db:	NVD	id:	CVE-2025-57702	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-012090	Trust: 0.8
db:	CNVD	id:	CNVD-2025-22955	Trust: 0.6

sources: CNVD: CNVD-2025-22955 // JVNDB: JVNDB-2025-012090 // NVD: CVE-2025-57702

REFERENCES

url:	https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00012_diaenergie%20cross-site%20scripting%20vulnerabilities.pdf	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2025-57702	Trust: 0.8

sources: CNVD: CNVD-2025-22955 // JVNDB: JVNDB-2025-012090 // NVD: CVE-2025-57702

SOURCES

db:	CNVD	id:	CNVD-2025-22955
db:	JVNDB	id:	JVNDB-2025-012090
db:	NVD	id:	CVE-2025-57702

LAST UPDATE DATE

2025-09-30T23:20:24.099000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-22955	date:	2025-09-29T00:00:00
db:	JVNDB	id:	JVNDB-2025-012090	date:	2025-08-22T06:02:00
db:	NVD	id:	CVE-2025-57702	date:	2025-08-21T14:32:08.467

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-22955	date:	2025-09-29T00:00:00
db:	JVNDB	id:	JVNDB-2025-012090	date:	2025-08-22T00:00:00
db:	NVD	id:	CVE-2025-57702	date:	2025-08-18T07:15:29.447