ID
VAR-202204-1820
CVE
CVE-2022-1374
TITLE
Delta Electronics, INC. of DIAEnergie In SQL Injection vulnerability
Trust: 0.8
DESCRIPTION
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | deltaww | model: | diaenergie | scope: | lt | version: | 1.8.02.004 | Trust: 1.0 |
| vendor: | delta | model: | diaenergie | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | delta | model: | diaenergie | scope: | eq | version: | 1.8.02.004 | Trust: 0.8 |
| vendor: | delta | model: | diaenergie | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.0 |
| problemtype: | SQL injection (CWE-89) [ others ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
SQL injection
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Delta Electronics DIAEnergie SQL Repair measures for injecting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=191000 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-1374 | Trust: 3.3 |
| db: | ICS CERT | id: | ICSA-22-081-01 | Trust: 2.5 |
| db: | JVN | id: | JVNVU99338807 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2022-008974 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202204-4568 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-1374 | Trust: 0.1 |
REFERENCES
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 | Trust: 2.5 |
| url: | https://jvn.jp/vu/jvnvu99338807/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-1374 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-1374/ | Trust: 0.6 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-22-081-01 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/89.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Michael Heinzl and Dusan Stevanovic of Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.
Trust: 0.6
SOURCES
| db: | VULMON | id: | CVE-2022-1374 |
| db: | JVNDB | id: | JVNDB-2022-008974 |
| db: | NVD | id: | CVE-2022-1374 |
| db: | CNNVD | id: | CNNVD-202204-4568 |
LAST UPDATE DATE
2023-12-18T11:56:27.916000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2022-1374 | date: | 2022-05-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-008974 | date: | 2023-08-01T08:34:00 |
| db: | NVD | id: | CVE-2022-1374 | date: | 2022-05-10T20:02:41.377 |
| db: | CNNVD | id: | CNNVD-202204-4568 | date: | 2022-05-11T00:00:00 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2022-1374 | date: | 2022-05-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-008974 | date: | 2023-08-01T00:00:00 |
| db: | NVD | id: | CVE-2022-1374 | date: | 2022-05-02T19:15:08.680 |
| db: | CNNVD | id: | CNNVD-202204-4568 | date: | 2022-04-28T00:00:00 |