Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
Fixes

Solution

Delta recommends users update to DIAEnergie v1.10.01.009. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents. https://www.deltaww.com/en-US/customerService For more information on this issue, please see the Delta product cybersecurity advisory. https://www.deltaww.com/en-US/Cybersecurity_Advisory


Workaround

No workaround given by the vendor.

History

Fri, 04 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Deltaww
Deltaww diaenergie
CPEs cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*
Vendors & Products Deltaww
Deltaww diaenergie
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 03 Oct 2024 22:45:00 +0000

Type Values Removed Values Added
Description Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
Title Delta Electronics DIAEnergie SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-10-04T14:15:27.750Z

Reserved: 2024-10-01T17:18:54.603Z

Link: CVE-2024-43699

cve-icon Vulnrichment

Updated: 2024-10-04T14:15:22.168Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-03T23:15:03.490

Modified: 2024-10-08T15:44:29.183

Link: CVE-2024-43699

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.