CVE-2024-43699

Delta Electronics DIAEnergie SQL Injection

Description

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.

Remediation

Solution:

Delta recommends users update to DIAEnergie v1.10.01.009. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents. https://www.deltaww.com/en-US/customerService For more information on this issue, please see the Delta product cybersecurity advisory. https://www.deltaww.com/en-US/Cybersecurity_Advisory

References

Link	Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-03	third party advisory us government resource
https://www.deltaww.com/en-US/Cybersecurity_Advisory	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-43699?: CVE-2024-43699 has been scored as a critical severity vulnerability.
How to fix CVE-2024-43699?: To fix CVE-2024-43699: Delta recommends users update to DIAEnergie v1.10.01.009. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents. https://www.deltaww.com/en-US/customerService For more information on this issue, please see the Delta product cybersecurity advisory. https://www.deltaww.com/en-US/Cybersecurity_Advisory
Is CVE-2024-43699 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-43699 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-43699?: CVE-2024-43699 affects Delta Electronics DIAEnergie.

Description

Remediation

Category

CWE-89 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

Frequently Asked Questions