CVE-2022-1098 HIGH

CVE-2022-1098: Delta Electronics DIAEnergie Uncontrolledly Search Path Element

Vendor Diaenerrgie
Product DIAEnergie
Weakness CWE-427
Published April 1, 2022
Last update April 16, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges

Key dates

02Disclosure timeline

April 1, 2022 CVE published
April 16, 2025 Record updated