SQL Injection vulnerability in Delta Electronics DIAEnergie
CVE-2024-34031

8.8HIGH

Key Information:

Vendor: Delta Electronics
Status: Diaenergie
Vendor: CVE Published:; 3 May 2024

Summary

Delta Electronics DIAEnergie software is vulnerable to an SQL injection flaw in the Handler_CFG.ashx script, allowing authenticated attackers to execute arbitrary SQL commands. This vulnerability could potentially enable attackers to access, modify, or compromise sensitive information stored within the DIAEnergie system. Implementing measures to secure the affected product versions is crucial to prevent exploitation and safeguard operational integrity.

Affected Version(s)

DIAEnergie 1.10.00.005

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

government-resource

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024

Credit

Michael Heinzl reported these vulnerabilities to CISA.