CVE-2024-34031
Published 2024-05-03
Priority P351 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% (39.0th percentile)
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | diaenergie | — | — |
| deltaww | diaenergie | — | — |
CISA ICS
Delta Electronics DIAEnergie
cisa_ics·2024-05-02·CVSS 8.8
[HIGH] Delta Electronics DIAEnergie
ICS Advisory
## Delta Electronics DIAEnergie
Release Date: May 02, 2024
Alert Code: ICSA-24-123-02
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: DIAEnergie
- Vulnerabilities: SQL Injection, Path Traversal
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an authenticated attacker with limited privileges to escalate privileges, retrieve confidential information, upload arbitrary files, backdoor the application, and compromise the system on which DIAEnergie is deployed.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Delta Electronics DIAEnergie, an industrial energy management system, are affected:
-
GHSA
GHSA-7m69-r4qx-m492: Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG
ghsa_unreviewed·2024-05-03
CVE-2024-34031 [HIGH] CWE-89 GHSA-7m69-r4qx-m492: Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-05-03