Vulnerability Details CVE-2022-40967
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.3%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-40967
-
cpe:2.3:a:deltaww:diaenergie:-
-
cpe:2.3:a:deltaww:diaenergie:1.08.00
-
cpe:2.3:a:deltaww:diaenergie:1.7.5
-
cpe:2.3:a:deltaww:diaenergie:1.8.0
-
cpe:2.3:a:deltaww:diaenergie:1.8.02.004
-
cpe:2.3:a:deltaww:diaenergie:1.9.0
-
cpe:2.3:a:deltaww:diaenergie:1.9.01.001