Weak Hashing Algorithm in Delta Electronics DIAEnergie Allows Password Exposure
CVE-2021-33003

5.5MEDIUM

Key Information:

Vendor

Deltaww

Status
Delta Electronics Diaenergie
Vendor
CVE Published:
30 August 2021

What is CVE-2021-33003?

Delta Electronics DIAEnergie software versions 1.7.5 and earlier are susceptible to a vulnerability that allows attackers to retrieve passwords in cleartext. This occurs due to the use of an insecure hashing algorithm, which fails to adequately protect sensitive information. Organizations using this software should take immediate steps to secure their systems and apply any available updates to mitigate the risk of unauthorized access.

Affected Version(s)

Delta Electronics DIAEnergie DIAEnergie Version 1.7.5 and prior

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.