Delta Electronics DIAEnergie SQL Injection
Description
SQL injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in Handler_CFG.ashx in Delta DIAEnergie prior to v1.9.02.001 allows remote attackers to execute arbitrary SQL queries.
Vulnerability
A SQL injection vulnerability exists in the Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie, an industrial energy management system. Versions prior to v1.9.02.001 are affected [1]. The flaw is due to improper neutralization of user-supplied input, allowing an attacker to inject arbitrary SQL queries via network requests.
Exploitation
An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request to the Handler_CFG.ashx endpoint. The low attack complexity means no special conditions or user interaction are required [1].
Impact
Successful exploitation allows an attacker to retrieve, modify, or delete database contents, and potentially execute system commands on the underlying server. This could lead to full compromise of the DIAEnergie application and associated data [1].
Mitigation
Delta Electronics has released version v1.9.02.001 to address this vulnerability. Users should update to this version or later. The CISA advisory also recommends applying the update and following security best practices [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <1.9.02.001
- (no CPE) range: All
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 1
News mentions
No linked articles in our index yet.