CVE-2024-34032

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02	US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:deltaww:diaenergie:1.10.00.005:*:*:*:*:*:*:*

History

30 Jan 2025, 14:31

Type	Values Removed	Values Added
CPE		cpe:2.3:a:deltaww:diaenergie:1.10.00.005:::::::*
First Time		Deltaww diaenergie Deltaww
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02 - US Government Resource

Information

Published : 2024-05-03 01:15

Updated : 2025-01-30 14:31

NVD link : CVE-2024-34032

Mitre link : CVE-2024-34032

CVE.ORG link : CVE-2024-34032

JSON object : View

Products Affected

deltaww

diaenergie

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-34032", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-05-03T01:15:48.197", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "\nDelta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.\n\n"}, {"lang": "es", "value": "Delta Electronics DIAEnergie es afectada por una vulnerabilidad de inyecci\u00f3n SQL que existe en el endpoint GetDIACloudList. Un atacante autenticado puede aprovechar este problema para comprometer potencialmente el sistema en el que est\u00e1 implementado DIAEnergie."}], "lastModified": "2025-01-30T14:31:00.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:deltaww:diaenergie:1.10.00.005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "665D43C4-0192-43A0-A9B7-ACAA1BF1EAC8"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}