Delta Electronics DIAEnergie
Description
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in CheckDIACloud of Delta DIAEnergie allows low-privileged authenticated attacker to inject arbitrary SQL queries, affecting versions prior to v1.9.01.002.
Vulnerability
SQL injection vulnerability exists in CheckDIACloud in Delta Electronics DIAEnergie versions prior to v1.9.01.002. The vulnerability allows a low-privileged authenticated attacker to inject arbitrary SQL queries [1].
Exploitation
An attacker must be authenticated with low privileges. They can send crafted inputs to CheckDIACloud to execute arbitrary SQL commands. The attack is remotely exploitable with low complexity [1].
Impact
Successful exploitation could allow the attacker to retrieve and modify database contents and execute system commands [1]. This could lead to information disclosure, data tampering, and potential system compromise.
Mitigation
Delta Electronics has released DIAEnergie v1.9.01.002 to address this vulnerability [1]. Users should update to the latest version. No workarounds are provided in the reference.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: All
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.