XenonStack Recommends

Security Intelligence

Delta CVE-2022-25880 and Sophos CVE-2022-1040 Vulnerabilities

Parveen Bhandari | 12 August 2022

Subscription

XenonStack White Arrow

Thanks for submitting the form.

What is CVE-2022-25880?

Delta Electronics DIAEnergie Vulnerability

A vulnerability reported as critical was found in Delta Electronics DIAEnergie.This flaw affects some unidentified processing in the DIAE hierarchyHandler.ashx file. An SQL injection vulnerability is created by manipulating an unknown input. CWE-89 is the CWE definition for vulnerability. It has a recognization to have an impact on availability, integrity, and secrecy. An attacker may be able to inject or update current SQL statements, affecting database exchange.

The vulnerability was identified as icsa-22-081-01 on March 30, 2022. Exploitation appears to be challenging. The attack can be launched from afar. Successful exploitation does not necessitate any type of authentication.

CVE ID CVE-2022-25880
Vulnerability Name Delta Electronics DIAEnergie
Vendor deltaww
Product DIAEnergie
Short Description The DIAE hierarchyHandler.ashx file in Delta Electronics DIAEnergie (all versions previous to 1.8.02.004) contains a blind SQL injection vulnerability.
An attacker can use this vulnerability to inject arbitrary SQL queries, retrieve and alter database contents, and run system instructions.
Date added to the catalog 29-03-2022
Severity (Scale out of 10) 9.8 (Critical)
Impact The below-mentioned version of DIAEnergie impacted: All versions prior to 1.8.02.004
Remediation This vulnerability can be remediated by upgrading to version 1.8.02.004
Cyber Security Services
End-to-End Proactive Solutions for empowering Advanced Threat Protection and Intelligence with Real-Time Analytics, Cyber Security Services

What is CVE-2022-1040?

Sophos Firewall Vulnerability

In the Web admin and User Portal of Sophos Firewall, an authentication bypass vulnerability allowing remote code execution was discovered and appropriately shared with Sophos. An external security researcher reported it through the Sophos bug bounty program. The flaw has now been patched. Customers that have the "Allow automatic installation of hotfixes" feature activated on their Sophos Firewall do not need to take any action. The default value is enabled.

This vulnerability has been used to target a small number of specific companies, primarily in the South Asia region, according to Sophos. Each of these organizations has been notified directly.

As our investigation continues, Sophos will give more information.

CVE ID CVE-2022-1040
Vulnerability Name Sophos Firewall
Vendor Sophos
Product sfos
Short Description In Sophos Firewall versions v18.5 MR3 and older, an authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code.
Date added to catalog 2022-03-25
Severity (Scale out of 10)  7.5 (High)
Impact This vulnerability applies to the mentioned below Sophos product: Sophos Firewall v18.5 MR3 [18.5.3] and older.
Remediation Customers can defend themselves against external attackers by making sure their User Portal and Webadmin aren't exposed to the WAN.
By adopting device access best practices, disable WAN access to the User Portal and Webadmin, and instead, utilize VPN and/or Sophos Central for remote access and control.

Conclusion

Delta Electronics DIAEnergie vulnerability authorizes an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands and Sophos Firewall Vulnerability is an authentication bypass vulnerability in the User Portal and Webadmin authorizes a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

Explore the Recently Discovered Critical Vulnerabilities and their Remediations