CVE-2022-26065

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-26065
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 Mitigation Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*
History

29 Apr 2022, 17:15

Type Values Removed Values Added
Summary Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode and GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

01 Apr 2022, 18:28

Type Values Removed Values Added
References (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 - (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 - Mitigation, Third Party Advisory, US Government Resource
First Time Deltaww
Deltaww diaenergie
CPE cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*
CWE CWE-89
CVSS v2 : unknown
v3 : unknown 		v2 : 10.0
v3 : 9.8

29 Mar 2022, 17:19

Type Values Removed Values Added
New CVE
Information

Published : 2022-03-29 17:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-26065

Mitre link : CVE-2022-26065

CVE.ORG link : CVE-2022-26065

JSON object : View

Products Affected

deltaww

  • diaenergie
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')