CVE-2021-38424: Delta Electronics DIALink
First published: Thu Oct 21 2021(Updated: )
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Deltaww Dialink | <=1.2.4.0 | |
| Delta Electronics DIALink | <=1.2.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-38424.
What is the affected software?
The affected software is Delta Electronics DIALink versions 1.2.4.0 and prior.
What is the severity level of CVE-2021-38424?
The severity level of CVE-2021-38424 is high with a CVSS score of 7.8.
What is the CWE ID of CVE-2021-38424?
The CWE ID of CVE-2021-38424 is 1236.
How can I fix CVE-2021-38424?
To fix CVE-2021-38424, it is recommended to update Delta Electronics DIALink to a version higher than 1.2.4.0.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/event
- agent/tags
- agent/trending
- vendor/deltaww
- canonical/deltaww dialink
- version/deltaww dialink/1.2.4.0
- vendor/delta electronics
- canonical/delta electronics dialink
- version/delta electronics dialink/1.2.4.0