Delta Electronics DIAEnergie Path Traversal
Description
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A path traversal vulnerability in Delta Electronics DIAEnergie allows remote unauthenticated attackers to write arbitrary files, potentially leading to remote code execution.
Vulnerability
Delta Electronics DIAEnergie, an industrial energy management system, is vulnerable to a path traversal attack (CWE-37) in all versions prior to 1.9 [1]. This allows an attacker to write arbitrary files to arbitrary locations on the file system. No authentication or user interaction is required.
Exploitation
An attacker can exploit this vulnerability remotely over the network by sending specially crafted HTTP requests containing path traversal sequences (e.g., ../) to the affected service. No privileges or user interaction are needed, making the attack low complexity [1].
Impact
Successful exploitation allows the attacker to write arbitrary files to the file system. This can be leveraged to overwrite existing executables or plant malicious DLLs, potentially leading to remote code execution with high impact on confidentiality, integrity, and availability [1]. The CVSS v3 base score is 9.8.
Mitigation
Delta Electronics has released version 1.9 to address this vulnerability. Users should update to the latest version as recommended by the vendor. No workarounds have been provided [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<1.8.02.004+ 1 more
- (no CPE)range: <1.8.02.004
- (no CPE)range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.cisa.gov/uscert/ics/advisories/icsa-22-081-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.