Sign-up

ID

VAR-202204-1814


CVE

CVE-2022-1375


TITLE

Delta Electronics, INC.  of  DIAEnergie  In  SQL  Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-008973

DESCRIPTION

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-1375 // JVNDB: JVNDB-2022-008973 // VULMON: CVE-2022-1375

AFFECTED PRODUCTS

vendor:deltawwmodel:diaenergiescope:ltversion:1.8.02.004

Trust: 1.0

vendor:deltamodel:diaenergiescope:eqversion: -

Trust: 0.8

vendor:deltamodel:diaenergiescope:eqversion:1.8.02.004

Trust: 0.8

vendor:deltamodel:diaenergiescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-008973 // NVD: CVE-2022-1375

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-1375
value: CRITICAL

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2022-1375
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202204-4569
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-1375
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-1375
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-1375
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-1375 // JVNDB: JVNDB-2022-008973 // NVD: CVE-2022-1375 // NVD: CVE-2022-1375 // CNNVD: CNNVD-202204-4569

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:SQL injection (CWE-89) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008973 // NVD: CVE-2022-1375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4569

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202204-4569

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-1375

PATCH
title:Delta Electronics DIAEnergie SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=191001
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202204-4569

EXTERNAL IDS
db:NVDid:CVE-2022-1375
Trust: 3.3
db:ICS CERTid:ICSA-22-081-01
Trust: 2.5
db:JVNid:JVNVU99338807
Trust: 0.8
db:JVNDBid:JVNDB-2022-008973
Trust: 0.8
db:CNNVDid:CNNVD-202204-4569
Trust: 0.6
db:VULMONid:CVE-2022-1375
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-1375 // 
            
            
            
            JVNDB: JVNDB-2022-008973 // 
            
            
            
            NVD: CVE-2022-1375 // 
            
            
            
            CNNVD: CNNVD-202204-4569

REFERENCES
url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01
Trust: 2.5
url:https://jvn.jp/vu/jvnvu99338807/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2022-1375
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-1375/
Trust: 0.6
url:https://us-cert.cisa.gov/ics/advisories/icsa-22-081-01
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/89.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-1375 // 
            
            
            
            JVNDB: JVNDB-2022-008973 // 
            
            
            
            NVD: CVE-2022-1375 // 
            
            
            
            CNNVD: CNNVD-202204-4569

CREDITS
Michael Heinzl and Dusan Stevanovic of Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202204-4569

SOURCES
db:VULMONid:CVE-2022-1375
db:JVNDBid:JVNDB-2022-008973
db:NVDid:CVE-2022-1375
db:CNNVDid:CNNVD-202204-4569

LAST UPDATE DATE
2023-12-18T11:56:27.663000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2022-1375date:2022-05-10T00:00:00
db:JVNDBid:JVNDB-2022-008973date:2023-08-01T08:34:00
db:NVDid:CVE-2022-1375date:2022-05-10T20:09:17.067
db:CNNVDid:CNNVD-202204-4569date:2022-05-11T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2022-1375date:2022-05-02T00:00:00
db:JVNDBid:JVNDB-2022-008973date:2023-08-01T00:00:00
db:NVDid:CVE-2022-1375date:2022-05-02T19:15:08.740
db:CNNVDid:CNNVD-202204-4569date:2022-04-28T00:00:00