CVE-2022-43452
Published 2022-11-17
CVE-2022-43452: SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
Priority P260 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.69% (93.8th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | diaenergie | — | — |
| deltaww | diaenergie | < 1.9.02.001 | 1.9.02.001 |
GHSA
GHSA-6q42-66qj-99qv: SQL Injection in FtyInfoSetting
ghsa_unreviewed·2022-11-18
CVE-2022-43452 [HIGH] CWE-89 GHSA-6q42-66qj-99qv: SQL Injection in FtyInfoSetting
CISA ICS
Delta Electronics DIAEnergie (Update B)
cisa_ics·2022-11-10·CVSS 8.7
[HIGH] Delta Electronics DIAEnergie (Update B)
ICS Advisory
## Delta Electronics DIAEnergie (Update B)
Last Revised: February 16, 2023
Alert Code: ICSA-22-298-06
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: DIAEnergie
--------- Begin Update B part 1 of 5 ---------
- Vulnerabilities: Cross-site Scripting, SQL Injection, Authorization Bypass
--------- End Update B part 1 of 5 ---------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-298-06 Delta Electronics DIAEnergie (Update A) that was published November 10, 2022, to the ICS webpage at www.cisa.gov/ics.
## 3. RISK EVALUATION
--------- Begin Update B part 2 of 5 ---------
Successful exploitation of these vulnera
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-11-17