CVE-2022-2969

ICSA-22-307-03 Delta Industrial Automation DIALink Path traversal

Description

Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.

Remediation

Solution:

Delta Industrial Automation has created v1.5.0.0 Beta 4 to address this vulnerability. Delta Industrial Automation will not make this update an official release; users may obtain this updated version via Delta field application engineering (FAEs) or contacting Delta Industrial Automation directly.

References

Link	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-03	third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2022-2969?: CVE-2022-2969 has been scored as a high severity vulnerability.
How to fix CVE-2022-2969?: To fix CVE-2022-2969: Delta Industrial Automation has created v1.5.0.0 Beta 4 to address this vulnerability. Delta Industrial Automation will not make this update an official release; users may obtain this updated version via Delta field application engineering (FAEs) or contacting Delta Industrial Automation directly.
Is CVE-2022-2969 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-2969 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-2969?: CVE-2022-2969 affects Delta Industrial Automation DIALink.

Description

Remediation

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions