CVE-2022-43457
Published: 2022-11-17
CVE-2022-43457: SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
Priority: P3 · 51 · high · 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.62% (45.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | diaenergie | — | — |
| deltaww | diaenergie | < 1.9.02.001 | 1.9.02.001 |
CISA ICS
Delta Electronics DIAEnergie (Update B)
cisa_ics·2022-11-10·CVSS 8.7
[HIGH] Delta Electronics DIAEnergie (Update B)
ICS Advisory
## Delta Electronics DIAEnergie (Update B)
Last Revised: February 16, 2023
Alert Code: ICSA-22-298-06
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: DIAEnergie
--------- Begin Update B part 1 of 5 ---------
- Vulnerabilities: Cross-site Scripting, SQL Injection, Authorization Bypass
--------- End Update B part 1 of 5 ---------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-298-06 Delta Electronics DIAEnergie (Update A) that was published November 10, 2022, to the ICS webpage at www.cisa.gov/ics.
## 3. RISK EVALUATION
--------- Begin Update B part 2 of 5 ---------
Successful exploitation of these vulnera
GHSA
GHSA-57jq-6mm4-q8pw: SQL Injection in HandlerPage_KID
ghsa_unreviewed·2022-11-18
CVE-2022-43457 [HIGH] CWE-89 GHSA-57jq-6mm4-q8pw: SQL Injection in HandlerPage_KID
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-11-17