Vulnerability Details CVE-2024-4547
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.8%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-4547
-
cpe:2.3:a:deltaww:diaenergie:-
-
cpe:2.3:a:deltaww:diaenergie:1.08.00
-
cpe:2.3:a:deltaww:diaenergie:1.10.00.005
-
cpe:2.3:a:deltaww:diaenergie:1.7.5
-
cpe:2.3:a:deltaww:diaenergie:1.8.0
-
cpe:2.3:a:deltaww:diaenergie:1.8.02.004
-
cpe:2.3:a:deltaww:diaenergie:1.9.0
-
cpe:2.3:a:deltaww:diaenergie:1.9.01.001
-
cpe:2.3:a:deltaww:diaenergie:1.9.01.002
-
cpe:2.3:a:deltaww:diaenergie:1.9.03.001