1 vulnerability found for entelitouch by deltacontrols
VAR-202206-0167
Vulnerability from variot - Updated: 2024-11-23 21:58
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Delta Controls enteliTOUCH is a touch screen building controller from Delta Controls, Canada. The vulnerability stems from the fact that the Username parameter lacks data validation filtering for user-provided data and output. enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The enteliTOUCH has a 7-inch, high-resolution display that serves as an interface to your building. Use it as your primary interface for smaller facilities or as an on-the-spot access point for larger systems. The intuitive, easy-to-navigate interface gives instant access to manage your BAS. Input passed to the POST parameter 'Username' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site. Tested on: DELTA enteliTOUCH
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0167",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "entelitouch",
"scope": "eq",
"trust": 1.0,
"vendor": "deltacontrols",
"version": "3.40.3935"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 1.0,
"vendor": "deltacontrols",
"version": "3.33.4005"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 1.0,
"vendor": "deltacontrols",
"version": "3.40.3706"
},
{
"model": "entelitouch",
"scope": null,
"trust": 0.8,
"vendor": "delta controls",
"version": null
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.8,
"vendor": "delta controls",
"version": "entelitouch firmware 3.40.3935"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.8,
"vendor": "delta controls",
"version": "entelitouch firmware 3.33.4005"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.8,
"vendor": "delta controls",
"version": "entelitouch firmware 3.40.3706"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.8,
"vendor": "delta controls",
"version": null
},
{
"model": "controls dentelitouch",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "3.40.3935"
},
{
"model": "controls dentelitouch",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "3.40.3706"
},
{
"model": "controls dentelitouch",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "3.33.4005"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.1,
"vendor": "delta controls",
"version": "3.40.3935"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.1,
"vendor": "delta controls",
"version": "3.40.3706"
},
{
"model": "entelitouch",
"scope": "eq",
"trust": 0.1,
"vendor": "delta controls",
"version": "3.33.4005"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
}
],
"trust": 0.1
},
"cve": "CVE-2022-29732",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-29732",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-77000",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2022-29732",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-29732",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-29732",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-29732",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2022-77000",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-260",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2022-5703",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Delta Controls enteliTOUCH is a touch screen building controller from Delta Controls, Canada. The vulnerability stems from the fact that the Username parameter lacks data validation filtering for user-provided data and output. enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The enteliTOUCH has a 7-inch, high-resolution display that serves as an interface to your building. Use it as your primary interface for smaller facilities or as an on-the-spot access point for larger systems. The intuitive, easy-to-navigate interface gives instant access to manage your BAS. Input passed to the POST parameter \u0027Username\u0027 is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML code in a user\u0027s browser session in context of an affected site. Tested on: DELTA enteliTOUCH",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29732"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "VULMON",
"id": "CVE-2022-29732"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/entelitouch_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29732",
"trust": 4.0
},
{
"db": "ZSL",
"id": "ZSL-2022-5703",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-77000",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022040065",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "50879",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166728",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-29732",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "VULMON",
"id": "CVE-2022-29732"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
}
]
},
"id": "VAR-202206-0167",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-77000"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-77000"
}
]
},
"last_update_date": "2024-11-23T21:58:20.574000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Delta Controls enteliTOUCH cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/346031"
},
{
"title": "Delta Controls enteliTOUCH Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195738"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.deltacontrols.com/"
},
{
"trust": 2.5,
"url": "https://www.zeroscience.mk/en/vulnerabilities/zsl-2022-5703.php"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29732"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29732/"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/166728/delta-controls-entelitouch-3.40.3935-cross-site-scripting.html"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/50879"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224333"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2022040065"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-29732"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "VULMON",
"id": "CVE-2022-29732"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "VULMON",
"id": "CVE-2022-29732"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
},
{
"db": "NVD",
"id": "CVE-2022-29732"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-14T00:00:00",
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"date": "2022-08-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29732"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-260"
},
{
"date": "2022-06-02T14:15:50.910000",
"db": "NVD",
"id": "CVE-2022-29732"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-29T00:00:00",
"db": "ZSL",
"id": "ZSL-2022-5703"
},
{
"date": "2022-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29732"
},
{
"date": "2023-08-17T08:34:00",
"db": "JVNDB",
"id": "JVNDB-2022-010888"
},
{
"date": "2022-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-260"
},
{
"date": "2024-11-21T06:59:37.500000",
"db": "NVD",
"id": "CVE-2022-29732"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Controls enteliTOUCH cross-site scripting vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-77000"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-260"
}
],
"trust": 0.6
}
}