Taiwan-based Delta Electronics has patched potentially serious vulnerabilities in two of its industrial networking products.
Researchers from CyberDanube, a brand-new industrial cybersecurity firm with headquarters in Austria, discovered the flaws in Delta’s DX-2100-L1-CN 3G cloud router and the DVW-W02W2-E2 industrial wireless access point. Risk with Delta Electronics router Instead of examining the actual devices, the researchers used virtualization techniques to create what are known as “digital twins” for their analysis. They found a stored cross-site scripting (XSS) flaw and an authenticated command injection problem in the 3G router.
An attacker with access to the web service credentials may be able to use the command injection vulnerability to execute system commands on the OS with root privileges.