ID

VAR-202403-0790


CVE

CVE-2024-23494


TITLE

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2025-06627)

Trust: 0.6

sources: CNVD: CNVD-2025-06627

DESCRIPTION

A SQL injection vulnerability exists in GetDIAE_unListParameters. Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, a Taiwanese company, used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics DIAEnergie versions prior to v1.10.00.005 have a SQL injection vulnerability that allows attackers to view, add, modify, or delete information in the backend database.

Trust: 1.44

sources: NVD: CVE-2024-23494 // CNVD: CNVD-2025-06627

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-06627

AFFECTED PRODUCTS

vendor: delta, model: electronics diaenergie, scope: lt, version: 1.10.00.005

Trust: 0.6

sources: CNVD: CNVD-2025-06627

CVSS

SEVERITY

ics-cert@hq.dhs.gov: CVE-2024-23494
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-06627
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-06627
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

ics-cert@hq.dhs.gov: CVE-2024-23494
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-06627 // NVD: CVE-2024-23494

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

sources: NVD: CVE-2024-23494

PATCH

title: Patch for Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2025-06627), url: https://www.cnvd.org.cn/patchInfo/show/676721

Trust: 0.6

sources: CNVD: CNVD-2025-06627

EXTERNAL IDS

db: NVD, id: CVE-2024-23494

Trust: 1.6

db: ICS CERT, id: ICSA-24-074-12

Trust: 1.0

db: CNVD, id: CNVD-2025-06627

Trust: 0.6

sources: CNVD: CNVD-2025-06627 // NVD: CVE-2024-23494

REFERENCES

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12

Trust: 1.0

url: https://cxsecurity.com/cveshow/cve-2024-23494/

Trust: 0.6

sources: CNVD: CNVD-2025-06627 // NVD: CVE-2024-23494

SOURCES

db: CNVD, id: CNVD-2025-06627
db: NVD, id: CVE-2024-23494

LAST UPDATE DATE

2025-04-10T23:01:49.336000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-06627, date: 2025-04-08T00:00:00
db: NVD, id: CVE-2024-23494, date: 2024-03-22T12:45:36.130

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-06627, date: 2025-04-08T00:00:00
db: NVD, id: CVE-2024-23494, date: 2024-03-21T23:15:09.590