Sign-up

ID

VAR-202405-0106


CVE

CVE-2024-34032


TITLE

Delta Electronics DIAEnergie GetDIACloudList SQL Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-01805

DESCRIPTION

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. Delta Electronics DIAEnergie is an industrial energy management system launched by Delta Electronics, a Taiwan-based company

Trust: 1.44

sources: NVD: CVE-2024-34032 // CNVD: CNVD-2025-01805

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-01805

AFFECTED PRODUCTS

vendor:deltawwmodel:diaenergiescope:eqversion:1.10.00.005

Trust: 1.0

vendor:deltamodel:electronics diaenergiescope:eqversion:1.10.00.005

Trust: 0.6

sources: CNVD: CNVD-2025-01805 // NVD: CVE-2024-34032

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2024-34032
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-34032
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-01805
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-01805
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ics-cert@hq.dhs.gov: CVE-2024-34032
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2025-01805 // NVD: CVE-2024-34032 // NVD: CVE-2024-34032

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

sources: NVD: CVE-2024-34032

PATCH

title:Patch for Delta Electronics DIAEnergie GetDIACloudList SQL Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/652071

Trust: 0.6

sources: CNVD: CNVD-2025-01805

EXTERNAL IDS

db:NVDid:CVE-2024-34032

Trust: 1.6

db:ICS CERTid:ICSA-24-123-02

Trust: 1.6

db:CNVDid:CNVD-2025-01805

Trust: 0.6

sources: CNVD: CNVD-2025-01805 // NVD: CVE-2024-34032

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02

Trust: 1.6

sources: CNVD: CNVD-2025-01805 // NVD: CVE-2024-34032

SOURCES

db:CNVDid:CNVD-2025-01805
db:NVDid:CVE-2024-34032

LAST UPDATE DATE

2025-01-30T22:59:06.267000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-01805date:2025-01-20T00:00:00
db:NVDid:CVE-2024-34032date:2025-01-30T14:31:00.057

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-01805date:2025-01-21T00:00:00
db:NVDid:CVE-2024-34032date:2024-05-03T01:15:48.197