A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field
The CEBC.exe process handles 'RecalculateScript' type messages, which are split into 4 fields using '~' as a separator. The fourth field passed in this message is not properly validated or sanitized, which classifies the vulnerability as CWE-20 (Improper Input Validation) and CWE-89 (SQL Injection). An unauthenticated remote attacker can craft an appropriate message containing a malicious SQL payload and send it to the vulnerable process, gaining the ability to manipulate the database.
An attacker can gain unauthorized access to the database, read, modify or delete stored data, and potentially take control of the energy management system, which in industrial environments may lead to serious operational disruptions.
Patches available from the manufacturer should be applied according to the references. It is recommended to update to a version higher than v1.10.1.8610. Additionally, until the patch is deployed, it is recommended to restrict network access to the DIAEnergie system through a firewall and isolate the system in the OT/ICS network in accordance with the principle of least privilege.
Delta Electronics DIAEnergie version v1.10.1.8610 and all earlier versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDeltaww Diaenergie
APPDeltaww< 1.10.01.004
Related vulnerabilities
SQL Injection w Delta Electronics DIAEnergie â dostÄp do danych bez uwierzytelnienia
SQL Injection w Delta Electronics DIAEnergie via RecalculateHDMWYC
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an atta...
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow ...
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use...