First published: Thu Mar 21 2024(Updated: )
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
DIAEnergie |
Delta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-25567 is classified as a high-severity vulnerability due to its potential for arbitrary file overwrite and sensitive data exposure.
To fix CVE-2024-25567, ensure that input validation is implemented to prevent path traversal and restrict file write operations to intended directories.
CVE-2024-25567 affects the Delta Electronics DIAEnergie software.
The risks include unauthorized access to sensitive information and the potential for data loss through file overwriting.
As of now, there is no public indication that CVE-2024-25567 is actively being exploited in the wild.