CVE-2022-26666

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 Mitigation Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*

History

29 Apr 2022, 17:15

Type Values Removed Values Added
Summary Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialogECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

01 Apr 2022, 18:27

Type Values Removed Values Added
First Time Deltaww
Deltaww diaenergie
CPE cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*
References (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 - (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 - Mitigation, Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown
v2 : 10.0
v3 : 9.8
CWE CWE-89

29 Mar 2022, 17:19

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-29 17:15

Updated : 2022-06-29 20:50


NVD link : CVE-2022-26666

Mitre link : CVE-2022-26666


JSON object : View

Products Affected

deltaww

  • diaenergie
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')