Delta Electronics DIAEnergie SQL Injection in DIAE_dmdsetHandler.ashx
Description
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A blind SQL injection vulnerability in Delta Electronics DIAEnergie allows remote attackers to inject SQL queries, modify database contents, and execute system commands.
Vulnerability
CVE-2022-26013 is a blind SQL injection vulnerability in Delta Electronics DIAEnergie industrial energy management software, specifically in the DIAE_dmdsetHandler.ashx endpoint. The vulnerability affects all versions prior to 1.8.02.004. An attacker can inject arbitrary SQL queries without authentication.
Exploitation
An unauthenticated attacker can exploit this vulnerability remotely over the network by sending crafted HTTP requests to the affected endpoint. The attack complexity is low and does not require user interaction. Blind SQL injection techniques can be used to extract data.
Impact
Successful exploitation allows an attacker to retrieve and modify database contents, and potentially execute system commands on the underlying server, leading to full compromise of confidentiality, integrity, and availability.
Mitigation
Delta Electronics has released version 1.8.02.004 to address this vulnerability. Users should update to this version or later. No workarounds are known. The CISA advisory [1] provides additional guidance.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<1.8.02.004+ 1 more
- (no CPE)range: <1.8.02.004
- (no CPE)range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.cisa.gov/uscert/ics/advisories/icsa-22-081-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.