CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-38391

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 76.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03

Products affected by CVE-2021-38391

Deltaww » Diaenergie » Version: N/A

cpe:2.3:a:deltaww:diaenergie:-
Deltaww » Diaenergie » Version: 1.7.5

cpe:2.3:a:deltaww:diaenergie:1.7.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-38391

Products

Pricing

Contact Us