CVE-2024-34032

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02	US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:deltaww:diaenergie:1.10.00.005:*:*:*:*:*:*:*

History

30 Jan 2025, 14:31

Type	Values Removed	Values Added
CPE		cpe:2.3:a:deltaww:diaenergie:1.10.00.005:::::::*
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02 - US Government Resource
First Time		Deltaww Deltaww diaenergie

21 Nov 2024, 09:17

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02 -
Summary		(es) Delta Electronics DIAEnergie es afectada por una vulnerabilidad de inyección SQL que existe en el endpoint GetDIACloudList. Un atacante autenticado puede aprovechar este problema para comprometer potencialmente el sistema en el que está implementado DIAEnergie.

03 May 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-03 01:15

Updated : 2025-01-30 14:31

NVD link : CVE-2024-34032

Mitre link : CVE-2024-34032

CVE.ORG link : CVE-2024-34032

JSON object : View

Products Affected

deltaww

diaenergie

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-34032", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-05-03T01:15:48.197", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "\nDelta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.\n\n"}, {"lang": "es", "value": "Delta Electronics DIAEnergie es afectada por una vulnerabilidad de inyecci\u00f3n SQL que existe en el endpoint GetDIACloudList. Un atacante autenticado puede aprovechar este problema para comprometer potencialmente el sistema en el que est\u00e1 implementado DIAEnergie."}], "lastModified": "2025-01-30T14:31:00.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:deltaww:diaenergie:1.10.00.005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "665D43C4-0192-43A0-A9B7-ACAA1BF1EAC8"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}

8.8 /10