ID

VAR-202403-0782


CVE

CVE-2024-23975


TITLE

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2025-06624)

Trust: 0.6

sources: CNVD: CNVD-2025-06624

DESCRIPTION

A SQL injection vulnerability exists in GetDIAE_slogListParameters. Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, a Taiwanese company. It is used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics DIAEnergie versions prior to v1.10.00.005 have a SQL injection vulnerability that allows attackers to view, add, modify, or delete information in the backend database.

Trust: 1.44

sources: NVD: CVE-2024-23975 // CNVD: CNVD-2025-06624

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-06624

AFFECTED PRODUCTS

vendor: delta
model: electronics diaenergie
scope: lt
version: 1.10.00.005

Trust: 0.6

sources: CNVD: CNVD-2025-06624

CVSS

SEVERITY

ics-cert@hq.dhs.gov: CVE-2024-23975
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-06624
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-06624
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

ics-cert@hq.dhs.gov: CVE-2024-23975
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-06624 // NVD: CVE-2024-23975

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

sources: NVD: CVE-2024-23975

PATCH

title: Patch for Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2025-06624)
url: https://www.cnvd.org.cn/patchInfo/show/676706

Trust: 0.6

sources: CNVD: CNVD-2025-06624

EXTERNAL IDS

db: NVD, id: CVE-2024-23975

Trust: 1.6

db: ICS CERT, id: ICSA-24-074-12

Trust: 1.0

db: CNVD, id: CNVD-2025-06624

Trust: 0.6

sources: CNVD: CNVD-2025-06624 // NVD: CVE-2024-23975

REFERENCES

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12

Trust: 1.0

url: https://cxsecurity.com/cveshow/cve-2024-23975/

Trust: 0.6

sources: CNVD: CNVD-2025-06624 // NVD: CVE-2024-23975

SOURCES

db: CNVD, id: CNVD-2025-06624
db: NVD, id: CVE-2024-23975

LAST UPDATE DATE

2025-04-10T23:01:49.406000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-06624, date: 2025-04-08T00:00:00
db: NVD, id: CVE-2024-23975, date: 2024-03-22T12:45:36.130

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-06624, date: 2025-04-08T00:00:00
db: NVD, id: CVE-2024-23975, date: 2024-03-21T23:15:09.823