Delta Electronics DIAEnergie SQL Injection in DIAE_HandlerTag_KID.ashx
Description
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A blind SQL injection in DIAEnergie's DIAE_loopmapHandler.ashx allows remote unauthenticated attackers to execute arbitrary SQL and system commands.
Vulnerability
A blind SQL injection vulnerability exists in the DIAE_loopmapHandler.ashx endpoint of Delta Electronics DIAEnergie. All versions prior to 1.8.02.004 (and prior to 1.9 per the advisory) are affected. The vulnerability is reachable without authentication and requires no special configuration.
Exploitation
An attacker can exploit this vulnerability remotely over the network with low complexity. No authentication or user interaction is required. By sending a crafted HTTP request to the vulnerable handler with malicious SQL payloads, the attacker can perform blind SQL injection, inferring database contents through response timing or error messages.
Impact
Successful exploitation allows the attacker to retrieve, modify, or delete arbitrary database contents and execute system commands on the underlying server. This leads to full compromise of confidentiality, integrity, and availability of the affected system.
Mitigation
Delta Electronics released version 1.9 to address this vulnerability. Users should update to 1.9 or later. No workarounds are documented in the available references [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE), range: <1.8.02.004
- (no CPE), range: unspecified
Patches
No patches discovered yet.
References
[1] www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 (mitre, x_refsource_CONFIRM)