Delta Electronics DIAEnergie SQL Injection in DIAE_tagHandler.ashx
Description
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A blind SQL injection in Delta Electronics DIAEnergie's DIAE_tagHandler.ashx allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially gain system access.
Vulnerability
In Delta Electronics DIAEnergie (all versions prior to 1.8.02.004 per the CVE record; the CISA advisory [1] lists versions prior to 1.9 as affected), a blind SQL injection vulnerability exists in the DIAE_tagHandler.ashx endpoint. The handler fails to properly sanitize user-supplied input, allowing unauthenticated remote attackers to inject arbitrary SQL queries [1].
Exploitation
An attacker can send specially crafted HTTP requests to the vulnerable DIAE_tagHandler.ashx endpoint without requiring any authentication. The blind nature of the SQL injection requires the attacker to infer database responses through Boolean-based or time-based techniques. The attack can be performed remotely with low complexity and no user interaction [1].
Impact
Successful exploitation allows an attacker to retrieve and modify database contents, and potentially execute system commands on the underlying server. This can lead to full compromise of the DIAEnergie application and the affected industrial energy management system, impacting confidentiality, integrity, and availability [1].
Mitigation
Delta Electronics has released version 1.8.02.004 (or later) to address this vulnerability. Users should update to the latest version. The CISA advisory [1] provides further guidance. No specific workarounds have been published.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <1.8.02.004
- (no CPE) range: unspecified
Patches
No patches discovered yet.
References
- [1] www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 (mitre, x_refsource_CONFIRM)