Delta Electronics DIAEnergie SQL Injection
CVE-2024-25574

9.8CRITICAL

Key Information:

Vendor: Delta Electronics
Status: Diaenergie
Vendor: CVE Published:; 1 April 2024

🔔 Create Delta Electronics Vulnerability Alert

What is CVE-2024-25574?

A SQL injection vulnerability is identified in GetDIAE_usListParameters, allowing attackers to manipulate SQL queries through user input. This vulnerability poses significant security risks, enabling unauthorized access to sensitive data within affected systems. Improper input validation in the application allows attackers to exploit this flaw, potentially leading to data leaks and substantial impacts on data integrity. Organizations utilizing this product should be vigilant about patching and implementing security best practices to mitigate the risk associated with this vulnerability.

Affected Version(s)

DIAEnergie 0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-0...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2024

Credit

Michael Heinzl reported these vulnerabilities to CISA.