SQL Injection Vulnerability in Delta Electronics DIAEnergie's Handler_CFG.ashx Could Delay Targeted Product
CVE-2024-42417
8.8HIGH
Key Information:
- Vendor
- Delta Electronics DIAEnergie
- Status
- Diaenergie
- Vendor
- CVE Published:
- 3 October 2024
Summary
Delta Electronics' DIAEnergie product is susceptible to an SQL injection vulnerability located in the Handler_CFG.ashx script. This flaw can be exploited by authenticated attackers to introduce malicious SQL queries that may impact the functionality of the product, causing potential delays. Users are advised to review their security practices and consider implementing all necessary updates to mitigate risks associated with this vulnerability.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published