Sign-up

ID

VAR-202410-0022


CVE

CVE-2024-43699


TITLE

Delta Electronics, INC.  of  DIAEnergie  In  SQL  Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-010044

DESCRIPTION

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Delta Electronics DIAEnergie AM_RegReport.aspx has a SQL injection vulnerability, which can be exploited by attackers to view, add, modify or delete information in the backend database

Trust: 2.16

sources: NVD: CVE-2024-43699 // JVNDB: JVNDB-2024-010044 // CNVD: CNVD-2025-01801

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-01801

AFFECTED PRODUCTS

vendor:deltawwmodel:diaenergiescope:lteversion:1.10.01.008

Trust: 1.0

vendor:deltamodel:diaenergiescope:lteversion:1.10.01.008 and earlier

Trust: 0.8

vendor:deltamodel:diaenergiescope: - version: -

Trust: 0.8

vendor:deltamodel:diaenergiescope:eqversion: -

Trust: 0.8

vendor:deltamodel:electronics diaenergiescope:lteversion:<=1.10.01.008

Trust: 0.6

sources: CNVD: CNVD-2025-01801 // JVNDB: JVNDB-2024-010044 // NVD: CVE-2024-43699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-43699
value: CRITICAL

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2024-43699
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-43699
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-01801
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-01801
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-43699
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-43699
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-01801 // JVNDB: JVNDB-2024-010044 // NVD: CVE-2024-43699 // NVD: CVE-2024-43699

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:SQL injection (CWE-89) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-010044 // NVD: CVE-2024-43699

PATCH

title:Patch for Delta Electronics DIAEnergie AM_RegReport.aspx SQL Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/652051

Trust: 0.6

sources: CNVD: CNVD-2025-01801

EXTERNAL IDS

db:NVDid:CVE-2024-43699

Trust: 3.2

db:ICS CERTid:ICSA-24-277-03

Trust: 2.4

db:JVNid:JVNVU95461170

Trust: 0.8

db:JVNDBid:JVNDB-2024-010044

Trust: 0.8

db:CNVDid:CNVD-2025-01801

Trust: 0.6

sources: CNVD: CNVD-2025-01801 // JVNDB: JVNDB-2024-010044 // NVD: CVE-2024-43699

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-03

Trust: 2.4

url:https://www.deltaww.com/en-us/cybersecurity_advisory

Trust: 1.8

url:https://jvn.jp/vu/jvnvu95461170/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-43699

Trust: 0.8

sources: CNVD: CNVD-2025-01801 // JVNDB: JVNDB-2024-010044 // NVD: CVE-2024-43699

SOURCES

db:CNVDid:CNVD-2025-01801
db:JVNDBid:JVNDB-2024-010044
db:NVDid:CVE-2024-43699

LAST UPDATE DATE

2025-01-24T22:46:53.523000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-01801date:2025-01-20T00:00:00
db:JVNDBid:JVNDB-2024-010044date:2024-10-09T05:05:00
db:NVDid:CVE-2024-43699date:2024-10-08T15:44:29.183

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-01801date:2025-01-21T00:00:00
db:JVNDBid:JVNDB-2024-010044date:2024-10-09T00:00:00
db:NVDid:CVE-2024-43699date:2024-10-03T23:15:03.490