Delta Electronics DIAEnergie SQL Injection
CVE-2024-25574
8.8HIGH
Summary
A SQL injection vulnerability is identified in GetDIAE_usListParameters, allowing attackers to manipulate SQL queries through user input. This vulnerability poses significant security risks, enabling unauthorized access to sensitive data within affected systems. Improper input validation in the application allows attackers to exploit this flaw, potentially leading to data leaks and substantial impacts on data integrity. Organizations utilizing this product should be vigilant about patching and implementing security best practices to mitigate the risk associated with this vulnerability.
Affected Version(s)
DIAEnergie 0
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Credit
Michael Heinzl reported these vulnerabilities to CISA.