Sign-up

ID

VAR-202210-1861


CVE

CVE-2022-41133


TITLE

Delta Electronics, INC.  of  DIAEnergie  In  SQL  Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-019030

DESCRIPTION

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-41133 // JVNDB: JVNDB-2022-019030

AFFECTED PRODUCTS

vendor:deltawwmodel:diaenergiescope:ltversion:1.9.01.002

Trust: 1.0

vendor:deltamodel:diaenergiescope:eqversion:1.9.01.002

Trust: 0.8

vendor:deltamodel:diaenergiescope: - version: -

Trust: 0.8

vendor:deltamodel:diaenergiescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-019030 // NVD: CVE-2022-41133

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-41133
value: HIGH

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2022-41133
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202210-2146
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-41133
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019030 // NVD: CVE-2022-41133 // NVD: CVE-2022-41133 // CNNVD: CNNVD-202210-2146

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:SQL injection (CWE-89) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-019030 // NVD: CVE-2022-41133

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-2146

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202210-2146

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-41133

EXTERNAL IDS
db:NVDid:CVE-2022-41133
Trust: 3.2
db:ICS CERTid:ICSA-22-298-06
Trust: 2.4
db:JVNid:JVNVU91874962
Trust: 0.8
db:JVNDBid:JVNDB-2022-019030
Trust: 0.8
db:AUSCERTid:ESB-2022.5371
Trust: 0.6
db:CNNVDid:CNNVD-202210-2146
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-019030 // 
            
            
            
            NVD: CVE-2022-41133 // 
            
            
            
            CNNVD: CNNVD-202210-2146

REFERENCES
url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06
Trust: 2.4
url:https://jvn.jp/vu/jvnvu91874962/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2022-41133
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2022.5371
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-41133/
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-019030 // 
            
            
            
            NVD: CVE-2022-41133 // 
            
            
            
            CNNVD: CNNVD-202210-2146

SOURCES
db:JVNDBid:JVNDB-2022-019030
db:NVDid:CVE-2022-41133
db:CNNVDid:CNNVD-202210-2146

LAST UPDATE DATE
2023-12-18T11:55:27.682000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2022-019030date:2023-10-24T05:47:00
db:NVDid:CVE-2022-41133date:2022-10-28T18:35:35.807
db:CNNVDid:CNNVD-202210-2146date:2022-10-31T00:00:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2022-019030date:2023-10-24T00:00:00
db:NVDid:CVE-2022-41133date:2022-10-27T21:15:15.057
db:CNNVDid:CNNVD-202210-2146date:2022-10-26T00:00:00