Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by deltacontrols
VAR-201908-0255
Vulnerability from variot - Updated: 2023-12-18 13:56Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. Delta Controls enteliBUS Manager Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Delta Controls enteliBUS Manager is a programmable BACnet (communication protocol for smart buildings) controller from Delta Controls, Canada. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0255",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "entelibus",
"scope": "eq",
"trust": 1.0,
"vendor": "deltacontrols",
"version": "3.40_b-571848"
},
{
"model": "entelibus",
"scope": "eq",
"trust": 0.8,
"vendor": "delta controls",
"version": "3.40_b-571848"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008743"
},
{
"db": "NVD",
"id": "CVE-2019-9569"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:deltacontrols:entelibus_firmware:3.40_b-571848:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:deltacontrols:entelibus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9569"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Douglas McKee @fulmetalpackets and contributing researcher Mark Bereza @ROPsicle of McAfee Advanced Threat Research",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1942"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9569",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-9569",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-161004",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9569",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9569",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1942",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-161004",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161004"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008743"
},
{
"db": "NVD",
"id": "CVE-2019-9569"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1942"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. Delta Controls enteliBUS Manager Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Delta Controls enteliBUS Manager is a programmable BACnet (communication protocol for smart buildings) controller from Delta Controls, Canada. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9569"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008743"
},
{
"db": "VULHUB",
"id": "VHN-161004"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9569",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-19-239-01",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008743",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1942",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3249",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "44188",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-161004",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161004"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008743"
},
{
"db": "NVD",
"id": "CVE-2019-9569"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1942"
}
]
},
"id": "VAR-201908-0255",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-161004"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:56:38.270000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "enteliBUS",
"trust": 0.8,
"url": "https://www.deltacontrols.com/products/hvac-controls/central-plant-controllers/entelibus"
},
{
"title": "Delta Controls enteliBUS Manager Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97426"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008743"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1942"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161004"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008743"
},
{
"db": "NVD",
"id": "CVE-2019-9569"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/hvacking-understanding-the-delta-between-security-and-reality/"
},
{
"trust": 1.7,
"url": "https://www.deltacontrols.com/products/hvac-controls/central-plant-controllers/entelibus"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-239-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9569"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9569"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/44188"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3249/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161004"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008743"
},
{
"db": "NVD",
"id": "CVE-2019-9569"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1942"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-161004"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008743"
},
{
"db": "NVD",
"id": "CVE-2019-9569"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1942"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-161004"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008743"
},
{
"date": "2019-08-26T20:15:10.127000",
"db": "NVD",
"id": "CVE-2019-9569"
},
{
"date": "2019-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1942"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-161004"
},
{
"date": "2019-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008743"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-9569"
},
{
"date": "2019-09-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1942"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1942"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Controls enteliBUS Manager Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008743"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1942"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1942"
}
],
"trust": 0.6
}
}
VAR-202206-0167
Vulnerability from variot - Updated: 2023-12-18 13:00Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Delta Controls enteliTOUCH is a touch screen building controller from Delta Controls, Canada. The vulnerability stems from the fact that the Username parameter lacks data validation filtering for user-provided data and output. enteliTOUCH - Touchscreen Building Controller. Get instantaccess to the heart of your BAS. The enteliTOUCH has a 7-inch,high-resolution display that serves as an interface to your building.Use it as your primary interface for smaller facilities or as anon-the-spot access point for larger systems. The intuitive,easy-to-navigate interface gives instant access to manage your BAS.Input passed to the POST parameter 'Username' is not properlysanitised before being returned to the user. This can be exploitedto execute arbitrary HTML code in a user's browser session in contextof an affected site.Tested on: DELTA enteliTOUCH
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0167",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "entelitouch",
"scope": "eq",
"trust": 1.0,
"vendor": "deltacontrols",
"version": "3.40.3706"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 1.0,
"vendor": "deltacontrols",
"version": "3.40.3935"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 1.0,
"vendor": "deltacontrols",
"version": "3.33.4005"
},
{
"model": "entelitouch",
"scope": null,
"trust": 0.8,
"vendor": "delta controls",
"version": null
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.8,
"vendor": "delta controls",
"version": "entelitouch firmware 3.40.3935"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.8,
"vendor": "delta controls",
"version": "entelitouch firmware 3.33.4005"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.8,
"vendor": "delta controls",
"version": "entelitouch firmware 3.40.3706"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.8,
"vendor": "delta controls",
"version": null
},
{
"model": "controls dentelitouch",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "3.40.3935"
},
{
"model": "controls dentelitouch",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "3.40.3706"
},
{
"model": "controls dentelitouch",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "3.33.4005"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.1,
"vendor": "delta controls",
"version": "3.40.3935"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.1,
"vendor": "delta controls",
"version": "3.40.3706"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.1,
"vendor": "delta controls",
"version": "3.33.4005"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:deltacontrols:entelitouch_firmware:3.40.3935:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:deltacontrols:entelitouch_firmware:3.40.3706:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:deltacontrols:entelitouch_firmware:3.33.4005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:deltacontrols:entelitouch:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29732"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
}
],
"trust": 0.1
},
"cve": "CVE-2022-29732",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-29732",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-77000",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-29732",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-29732",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-77000",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-260",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2022-5703",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Delta Controls enteliTOUCH is a touch screen building controller from Delta Controls, Canada. The vulnerability stems from the fact that the Username parameter lacks data validation filtering for user-provided data and output. enteliTOUCH - Touchscreen Building Controller. Get instantaccess to the heart of your BAS. The enteliTOUCH has a 7-inch,high-resolution display that serves as an interface to your building.Use it as your primary interface for smaller facilities or as anon-the-spot access point for larger systems. The intuitive,easy-to-navigate interface gives instant access to manage your BAS.Input passed to the POST parameter \u0027Username\u0027 is not properlysanitised before being returned to the user. This can be exploitedto execute arbitrary HTML code in a user\u0027s browser session in contextof an affected site.Tested on: DELTA enteliTOUCH",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29732"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "VULMON",
"id": "CVE-2022-29732"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/entelitouch_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29732",
"trust": 4.0
},
{
"db": "ZSL",
"id": "ZSL-2022-5703",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-77000",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022040065",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "50879",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166728",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-29732",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "VULMON",
"id": "CVE-2022-29732"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
]
},
"id": "VAR-202206-0167",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-77000"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-77000"
}
]
},
"last_update_date": "2023-12-18T13:00:47.429000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Delta Controls enteliTOUCH cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/346031"
},
{
"title": "Delta Controls enteliTOUCH Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195738"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.deltacontrols.com/"
},
{
"trust": 2.5,
"url": "https://www.zeroscience.mk/en/vulnerabilities/zsl-2022-5703.php"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29732"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29732/"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/166728/delta-controls-entelitouch-3.40.3935-cross-site-scripting.html"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/50879"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224333"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2022040065"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-29732"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "VULMON",
"id": "CVE-2022-29732"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "VULMON",
"id": "CVE-2022-29732"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-14T00:00:00",
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"date": "2022-08-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29732"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"date": "2022-06-02T14:15:50.910000",
"db": "NVD",
"id": "CVE-2022-29732"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-29T00:00:00",
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"date": "2022-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29732"
},
{
"date": "2023-08-17T08:34:00",
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"date": "2022-06-10T14:05:42.590000",
"db": "NVD",
"id": "CVE-2022-29732"
},
{
"date": "2022-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Controls enteliTOUCH cross-site scripting vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
],
"trust": 0.6
}
}