What is the vulnerability ID?

The vulnerability ID is CVE-2022-2969.

What is the affected software?

The affected software is Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4.

What is the severity of CVE-2022-2969?

The severity of CVE-2022-2969 is high with a CVSS score of 7.5.

Is there a fix available for CVE-2022-2969?

Yes, the fix for CVE-2022-2969 is to update to Delta Industrial Automation DIALink version 1.5.0.0 Beta 4 or later.

Vulnerability/
CVE-2022-2969

high

8.1

CWE

1/12/2022

3/8/2024

CVE-2022-2969: ICSA-22-307-03 Delta Industrial Automation DIALink Path traversal

Q: How does CVE-2022-2969 exploit the software?

CVE-2022-2969 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname.

First published: Thu Dec 01 2022(Updated: )

Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Deltaww Dialink	<1.5.0.0
Deltaww Dialink	=1.5.0.0-beta3
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4

Remedy

Delta Industrial Automation has created v1.5.0.0 Beta 4 to address this vulnerability. Delta Industrial Automation will not make this update an official release; users may obtain this updated version via Delta field application engineering (FAEs) or contacting Delta Industrial Automation directly.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-22-307-03

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2022-2969.
What is the affected software?
The affected software is Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4.
What is the severity of CVE-2022-2969?
The severity of CVE-2022-2969 is high with a CVSS score of 7.5.
How does CVE-2022-2969 exploit the software?
CVE-2022-2969 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname.
Is there a fix available for CVE-2022-2969?
Yes, the fix for CVE-2022-2969 is to update to Delta Industrial Automation DIALink version 1.5.0.0 Beta 4 or later.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/title
agent/remedy
agent/weakness
agent/first-publish-date
agent/description
agent/severity
agent/references
agent/event
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
agent/trending
vendor/deltaww
canonical/deltaww dialink
version/deltaww dialink/1.5.0.0-beta3
vendor/delta industrial automation
canonical/delta industrial automation dialink versions prior to v1.5.0.0 beta 4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.