Unrated severityNVD Advisory· Published May 6, 2024· Updated Aug 1, 2024

Delta Electronics DIAEnergie SQL Injection

CVE-2024-4548

Description

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.

Affected products

Diaenerrgie/Diaenergiellm-fuzzy
Range: <=1.10.1.8610
Delta Electronics/DIAEnergiev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.tenable.com/security/research/tra-2024-13mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.036
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000