SQL Injection Vulnerability Discovered in Handler_CFG.ashx
CVE-2024-28891

8.8 HIGH

Key Information:

Vendor
CVE Published: 21 March 2024

Summary

An SQL injection vulnerability exists in the Handler_CFG.ashx script that could allow unauthorized access to database commands. An attacker may be able to manipulate SQL queries by injecting malicious input, potentially leading to data leakage or manipulation. Users of the affected products should apply mitigations and patch any systems at risk. Further details are available in the advisory from CISA.

Affected Version(s)

DIAEnergie 0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Heinzl reported these vulnerabilities to CISA.