Sign-up

ID

VAR-202210-1564


CVE

CVE-2022-43775


TITLE

Delta Electronics, INC.  of  DIAEnergie  In  SQL  Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-025156

DESCRIPTION

The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-43775 // JVNDB: JVNDB-2022-025156

AFFECTED PRODUCTS

vendor:deltawwmodel:diaenergiescope:eqversion:1.9.0

Trust: 1.0

vendor:deltamodel:diaenergiescope: - version: -

Trust: 0.8

vendor:deltamodel:diaenergiescope:eqversion: -

Trust: 0.8

vendor:deltamodel:diaenergiescope:eqversion:1.9.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-025156 // NVD: CVE-2022-43775

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-43775
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-202210-2203
value: CRITICAL

Trust: 0.6

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-43775
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-025156 // CNNVD: CNNVD-202210-2203 // NVD: CVE-2022-43775

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:SQL injection (CWE-89) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-025156 // NVD: CVE-2022-43775

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-2203

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202210-2203

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-43775

EXTERNAL IDS
db:NVDid:CVE-2022-43775
Trust: 3.2
db:TENABLEid:TRA-2022-33
Trust: 2.4
db:JVNDBid:JVNDB-2022-025156
Trust: 0.8
db:CNNVDid:CNNVD-202210-2203
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-025156 // 
            
            
            
            CNNVD: CNNVD-202210-2203 // 
            
            
            
            NVD: CVE-2022-43775

REFERENCES
url:https://www.tenable.com/security/research/tra-2022-33
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2022-43775
Trust: 1.4
url:https://cxsecurity.com/cveshow/cve-2022-43775/
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-025156 // 
            
            
            
            CNNVD: CNNVD-202210-2203 // 
            
            
            
            NVD: CVE-2022-43775

SOURCES
db:JVNDBid:JVNDB-2022-025156
db:CNNVDid:CNNVD-202210-2203
db:NVDid:CVE-2022-43775

LAST UPDATE DATE
2024-07-18T23:15:38.740000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2022-025156date:2024-07-17T02:53:00
db:CNNVDid:CNNVD-202210-2203date:2022-10-31T00:00:00
db:NVDid:CVE-2022-43775date:2022-10-28T01:54:24.757

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2022-025156date:2024-07-17T00:00:00
db:CNNVDid:CNNVD-202210-2203date:2022-10-26T00:00:00
db:NVDid:CVE-2022-43775date:2022-10-26T18:15:10.910