CVE-2022-1369
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Delta Electronics | DIAEnergie | unspecified < 1.8.02.004 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
Workarounds
Delta also suggests users:
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet. Locate control system networks and remote devices behind firewalls and isolate them from the business network. Use an application firewall that can detect attacks against “Path Traversal” and “SQL Injection” weakness. Never connect programming software to any network other than the network intended for that device. When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing a VPN is only as secure as its connected devices
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.