| ID | 52511 |
| Created | Jan 10, 2023 |
| Updated | Jan 28, 2023 |
| Severity |
|
| Coverage |
IPS (Regular DB)
IPS (Extended DB)
|
| Default Action | drop |
| Active |
|
| Affected OS | Windows |
| Affected App | SCADA |
Legend
| Active/Available |
|
| InActive/Not Available |
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2023-01-31 | 22.486 | Default_action:pass:drop |
| 2023-01-18 | 22.479 | Modified |
| 2023-01-10 | 22.472 |
Refine Search
Threat Encyclopedia
Delta.IA.DIAEnergie.FtyInfoSetting.aspx.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection Vulnerability in Delta Electronics DIAEnergie.
This vulnerability is due to improper input validation in the FtyInfoSetting.aspx endpoint. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection.
Affected Products
Delta Electronics DIAEnergie prior to 1.9.02.001
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06
