CVE-2021-33003 : Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to re

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.

Published 2021-08-30 18:15:09

Updated 2021-09-03 14:13:01

Source ICS-CERT

View at NVD, CVE.org

Products affected by CVE-2021-33003

Deltaww » Diaenergie
Versions up to, including, (<=) 1.7.5
cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

Assigned by: nvd@nist.gov (Primary)
CWE-916 Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

Assigned by: ics-cert@hq.dhs.gov (Secondary)

Jump to