CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32967
https://notcve.org/view.php?id=CVE-2021-32967
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. Delta Electronics DIAEnergie versiones 1.7.5 y anteriores, pueden permitir a un atacante añadir un nuevo usuario administrativo sin estar autenticado o autorizado, lo que puede permitir al atacante iniciar sesión y usar el dispositivo con privilegios administrativos. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33003
https://notcve.org/view.php?id=CVE-2021-33003
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. Delta Electronics DIAEnergie Versión 1.7.5 y anteriores, pueden permitir a un atacante recuperar contraseñas en texto sin cifrar debido a un algoritmo de hashing débil. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-916: Use of Password Hash With Insufficient Computational Effort •