Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.
Fixes

Solution

Delta recommends users update to DIAEnergie v1.10.01.009. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents. https://www.deltaww.com/en-US/customerService For more information on this issue, please see the Delta product cybersecurity advisory. https://www.deltaww.com/en-US/Cybersecurity_Advisory


Workaround

No workaround given by the vendor.

History

Fri, 04 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Deltaww
Deltaww diaenergie
CPEs cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*
Vendors & Products Deltaww
Deltaww diaenergie
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 03 Oct 2024 22:45:00 +0000

Type Values Removed Values Added
Description Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.
Title Delta Electronics DIAEnergie SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-10-04T14:14:32.287Z

Reserved: 2024-10-01T17:18:54.590Z

Link: CVE-2024-42417

cve-icon Vulnrichment

Updated: 2024-10-04T14:14:26.464Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-03T23:15:03.230

Modified: 2024-10-08T15:43:05.720

Link: CVE-2024-42417

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.