CVE-2022-29733
Description
Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 transmit HTTP Cookie credentials in cleartext, enabling MITM attacks to intercept authentication data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 [1] transmit and store sensitive information, including HTTP Cookie authentication credentials, in cleartext. No special configuration or user interaction is required to reach the vulnerable code path; the transmission occurs by default during normal operation.
Exploitation
An attacker with network access (e.g., on the same local network or via compromised network infrastructure) can perform a man-in-the-middle attack to intercept HTTP traffic between the enteliTOUCH device and authenticated users. By capturing HTTP cookie headers, the attacker gains valid authentication credentials [1].
Impact
Successful exploitation allows the attacker to impersonate legitimate users and gain unauthorized access to the enteliTOUCH system. This could lead to disclosure of sensitive building control data and potential manipulation of HVAC or other building automation functions, depending on the privileges associated with the intercepted credentials.
Mitigation
No mitigation or fix has been disclosed in the available references [1] as of the publication date. Users should monitor vendor updates and consider network-level controls such as isolation and encryption to reduce risk.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Delta Controls/enteliTOUCH
- Range: 3.40.3935, 3.40.3706, 3.33.4005
Patches
No patches discovered yet.
References
- www.deltacontrols.com (mitre, x_refsource_MISC)
- www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5704.php (mitre, x_refsource_MISC)