SQL Injection in Delta Electronics DIAEnergie
CVE-2024-34032

8.8HIGH

Key Information:

Vendor: Delta Electronics
Status: Diaenergie
Vendor: CVE Published:; 3 May 2024

Summary

Delta Electronics DIAEnergie contains an SQL injection vulnerability found in the GetDIACloudList endpoint. This flaw can be exploited by authenticated attackers to execute malicious SQL queries, potentially allowing them to manipulate the database and gain unauthorized access to sensitive information. Organizations using DIAEnergie should apply the latest security patches and implement best practices to safeguard their systems against such vulnerabilities.

Affected Version(s)

DIAEnergie 1.10.00.005

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

government-resource

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024

Credit

Michael Heinzl reported these vulnerabilities to CISA.