Sign-up

ID

VAR-202405-0028


CVE

CVE-2024-4547


TITLE

Delta Electronics, INC.  of  DIAEnergie  In  SQL  Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-025635

DESCRIPTION

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker can use this vulnerability to view, add, modify, or delete information in the backend database

Trust: 2.16

sources: NVD: CVE-2024-4547 // JVNDB: JVNDB-2024-025635 // CNVD: CNVD-2025-01804

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-01804

AFFECTED PRODUCTS

vendor:deltawwmodel:diaenergiescope:ltversion:1.10.01.004

Trust: 1.0

vendor:deltamodel:diaenergiescope: - version: -

Trust: 0.8

vendor:deltamodel:diaenergiescope:eqversion:1.10.01.004

Trust: 0.8

vendor:deltamodel:diaenergiescope:eqversion: -

Trust: 0.8

vendor:deltamodel:electronics diaenergiescope:lteversion:<=1.10.1.8610

Trust: 0.6

sources: CNVD: CNVD-2025-01804 // JVNDB: JVNDB-2024-025635 // NVD: CVE-2024-4547

CVSS

SEVERITY

CVSSV2

CVSSV3

vulnreport@tenable.com: CVE-2024-4547
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-025635
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-01804
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-01804
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

vulnreport@tenable.com: CVE-2024-4547
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-025635
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-01804 // JVNDB: JVNDB-2024-025635 // NVD: CVE-2024-4547

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [ others ]

Trust: 0.8

problemtype:SQL injection (CWE-89) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-025635 // NVD: CVE-2024-4547

PATCH

title:Patch for Delta Electronics DIAEnergie SQL Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/652066

Trust: 0.6

sources: CNVD: CNVD-2025-01804

EXTERNAL IDS

db:NVDid:CVE-2024-4547

Trust: 3.2

db:TENABLEid:TRA-2024-13

Trust: 2.4

db:JVNDBid:JVNDB-2024-025635

Trust: 0.8

db:CNVDid:CNVD-2025-01804

Trust: 0.6

sources: CNVD: CNVD-2025-01804 // JVNDB: JVNDB-2024-025635 // NVD: CVE-2024-4547

REFERENCES

url:https://www.tenable.com/security/research/tra-2024-13

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2024-4547

Trust: 0.8

sources: CNVD: CNVD-2025-01804 // JVNDB: JVNDB-2024-025635 // NVD: CVE-2024-4547

SOURCES

db:CNVDid:CNVD-2025-01804
db:JVNDBid:JVNDB-2024-025635
db:NVDid:CVE-2024-4547

LAST UPDATE DATE

2025-07-04T23:31:37.678000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-01804date:2025-01-20T00:00:00
db:JVNDBid:JVNDB-2024-025635date:2025-07-02T06:58:00
db:NVDid:CVE-2024-4547date:2025-06-27T14:44:45.050

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-01804date:2025-01-21T00:00:00
db:JVNDBid:JVNDB-2024-025635date:2025-07-02T00:00:00
db:NVDid:CVE-2024-4547date:2024-05-06T14:15:08.330