CVE-2022-26666

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-26666
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 Mitigation Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*
History

29 Apr 2022, 17:15

Type Values Removed Values Added
Summary Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialogECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

01 Apr 2022, 18:27

Type Values Removed Values Added
First Time Deltaww
Deltaww diaenergie
CPE cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 10.0
v3 : 9.8
CWE CWE-89
References (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 - (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 - Mitigation, Third Party Advisory, US Government Resource

29 Mar 2022, 17:19

Type Values Removed Values Added
New CVE
Information

Published : 2022-03-29 17:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-26666

Mitre link : CVE-2022-26666

CVE.ORG link : CVE-2022-26666

JSON object : View

Products Affected

deltaww

  • diaenergie
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')