CVE-2024-4547
Published: 2024-05-06
Priority P262 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.90% (77.0th percentile)
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | diaenergie | <= 1.10.1.8610 | — |
| deltaww | diaenergie | < 1.10.01.004 | 1.10.01.004 |
Detection & IOCs (extracted from sources)
Command: echo -n "RecalculateScript~2024-01-01 00:00:00~2024-01-02 00:00:00~1); UPDATE DIAEnergie.dbo.DIAE_us SET pw=N'exJ/3E15SkSjem/EOj/ JubyAEzX5F5zrBVKdPff2C9I=' WHERE uid=1;--" | nc 928
- Monitor TCP port 928 for inbound connections to CEBC.exe; any unauthenticated message beginning with 'RecalculateScript' followed by '~'-delimited fields should be treated as a potential SQLi attempt.
- Detect SQL injection payloads in the fourth '~'-separated field of 'RecalculateScript' messages on TCP/928, specifically patterns such as ');INSERT, ');UPDATE, or '--' terminators targeting DIAEnergie.dbo tables.
- Alert on writes to the DIAE_script table from network-originated SQL sessions, as the exploit inserts VBScript payloads executed as SYSTEM.
- Alert on modifications to DIAE_us (uid=1) from network-originated SQL sessions, as the exploit is used to change the DIAEnergie root password.
- The vulnerability is unauthenticated: CEBC.exe on TCP/928 requires no credentials before processing 'RecalculateScript' messages, meaning network-level access alone is sufficient for exploitation.
- The injected SQL executes under the DIAEnergie SQL Server context; VBScript payloads inserted into DIAE_script are subsequently executed as SYSTEM, enabling full OS-level compromise.
- Affected version is DIAEnergie v1.10.1.8610 and prior; patch target is v1.10.01.004 or later, which may require contacting a sales representative to obtain.
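The first two detection items above, as an added example (not a vendor rule and not taken from the sources this page cites): a Python check that splits a payload captured on TCP/928 on '~' and grades the fourth field. The heuristic patterns, the numeric-ID allowlist for a benign fourth field, the `OtherMessage` name and the sample payloads are assumptions constructed for illustration.

```python
import re

COMMAND, SEP = "RecalculateScript", "~"

# Assumption: a benign fourth field is a plain numeric ID list; tune to observed traffic.
BENIGN_FOURTH = re.compile(r"\d+(,\d+)*")

# Heuristics derived from the patterns named in the list above (not a vendor rule).
INJECTION_SIGNS = [
    ("stacked_statement", re.compile(r"[;)]\s*(insert|update|delete|exec|drop)\b", re.I)),
    ("comment_terminator", re.compile(r"--|/\*")),
    ("sensitive_table", re.compile(r"\bDIAE_(us|script)\b", re.I)),
]

def inspect_message(payload: bytes) -> dict:
    """Grade one message captured on TCP/928: 'ignore', 'review' or 'alert'."""
    text = payload.decode("utf-8", errors="replace").strip()
    if not text.startswith(COMMAND + SEP):
        return {"verdict": "ignore", "reasons": []}
    # maxsplit=3 keeps any extra '~' inside the fourth field so it is still inspected.
    fields = text.split(SEP, 3)
    if len(fields) < 4:
        return {"verdict": "review", "reasons": ["field_count"]}
    fourth = fields[3]
    reasons = [name for name, rx in INJECTION_SIGNS if rx.search(fourth)]
    if reasons:
        return {"verdict": "alert", "reasons": reasons}
    if not BENIGN_FOURTH.fullmatch(fourth):
        return {"verdict": "alert", "reasons": ["unexpected_fourth_field"]}
    # The service is unauthenticated, so even a well-formed message merits review.
    return {"verdict": "review", "reasons": []}

# Constructed sample payloads (not captured traffic).
SAMPLES = [
    b"RecalculateScript~2024-01-01 00:00:00~2024-01-02 00:00:00~1",
    b"RecalculateScript~2024-01-01 00:00:00~2024-01-02 00:00:00~1); "
    b"UPDATE DIAEnergie.dbo.DIAE_us SET pw=N'x' WHERE uid=1;--",
    b"RecalculateScript~2024-01-01 00:00:00",
    b"OtherMessage~1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_message(sample)["verdict"], sample[:60])
```

Pattern matching on the wire is a tripwire only; the table-level alerts on DIAE_script and DIAE_us listed above still apply for payloads that evade it.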
No detection rules found.
No public exploits indexed.