Details of VAR-202410-0021

ID

VAR-202410-0021

CVE

CVE-2024-42417

TITLE

Delta Electronics, INC. of DIAEnergie In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-009983

DESCRIPTION

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Delta Electronics DIAEnergie Handler_CFG.ashx has a SQL injection vulnerability, which can be exploited by attackers to view, add, modify or delete information in the backend database

Trust: 2.16

sources: NVD: CVE-2024-42417 // JVNDB: JVNDB-2024-009983 // CNVD: CNVD-2025-01800

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-01800

AFFECTED PRODUCTS

vendor:	deltaww	model:	diaenergie	scope:	lte	version:	1.10.01.008	Trust: 1.0
vendor:	delta	model:	diaenergie	scope:	lte	version:	1.10.01.008 and earlier	Trust: 0.8
vendor:	delta	model:	diaenergie	scope:	-	version:	-	Trust: 0.8
vendor:	delta	model:	diaenergie	scope:	eq	version:	-	Trust: 0.8
vendor:	delta	model:	electronics diaenergie	scope:	lte	version:	<=1.10.01.008	Trust: 0.6

sources: CNVD: CNVD-2025-01800 // JVNDB: JVNDB-2024-009983 // NVD: CVE-2024-42417

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-42417
value:	HIGH
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2024-42417
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-42417
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-01800
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-01800
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-42417
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2024-42417
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-01800 // JVNDB: JVNDB-2024-009983 // NVD: CVE-2024-42417 // NVD: CVE-2024-42417

PROBLEMTYPE DATA

problemtype:	CWE-89	Trust: 1.0
problemtype:	SQL injection (CWE-89) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-009983 // NVD: CVE-2024-42417

PATCH

title:

Patch for Delta Electronics DIAEnergie Handler_CFG.ashx SQL Injection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/652041

Trust: 0.6

sources: CNVD: CNVD-2025-01800

EXTERNAL IDS

db:	NVD	id:	CVE-2024-42417	Trust: 3.2
db:	ICS CERT	id:	ICSA-24-277-03	Trust: 2.4
db:	JVN	id:	JVNVU95461170	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-009983	Trust: 0.8
db:	CNVD	id:	CNVD-2025-01800	Trust: 0.6

sources: CNVD: CNVD-2025-01800 // JVNDB: JVNDB-2024-009983 // NVD: CVE-2024-42417

REFERENCES

url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-03	Trust: 2.4
url:	https://www.deltaww.com/en-us/cybersecurity_advisory	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu95461170/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-42417	Trust: 0.8

sources: CNVD: CNVD-2025-01800 // JVNDB: JVNDB-2024-009983 // NVD: CVE-2024-42417

SOURCES

db:	CNVD	id:	CNVD-2025-01800
db:	JVNDB	id:	JVNDB-2024-009983
db:	NVD	id:	CVE-2024-42417

LAST UPDATE DATE

2025-01-24T22:46:53.547000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-01800	date:	2025-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2024-009983	date:	2024-10-09T01:14:00
db:	NVD	id:	CVE-2024-42417	date:	2024-10-08T15:43:05.720

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-01800	date:	2025-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2024-009983	date:	2024-10-09T00:00:00
db:	NVD	id:	CVE-2024-42417	date:	2024-10-03T23:15:03.230