ID

VAR-202405-0030


CVE

CVE-2024-4548


TITLE

SQL injection vulnerability in Delta Electronics, INC. DIAEnergie

Trust: 0.8

sources: JVNDB: JVNDB-2024-025529

DESCRIPTION

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. Delta Electronics, INC. DIAEnergie contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, a Taiwanese company, used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics DIAEnergie v1.10.1.8610 and earlier versions have a SQL injection vulnerability.

Trust: 2.16

sources: NVD: CVE-2024-4548 // JVNDB: JVNDB-2024-025529 // CNVD: CNVD-2024-29663

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-29663

AFFECTED PRODUCTS

vendor: deltaww
model: diaenergie
scope: lt
version: 1.10.01.004

Trust: 1.0

vendor: delta
model: diaenergie
scope: eq
version: -

Trust: 0.8

vendor: delta
model: diaenergie
scope: eq
version: 1.10.01.004

Trust: 0.8

vendor: delta
model: diaenergie
scope: -
version: -

Trust: 0.8

vendor: delta
model: electronics delta electronics diaenergie
scope: lte
version: <=1.10.1.8610

Trust: 0.6

sources: CNVD: CNVD-2024-29663 // JVNDB: JVNDB-2024-025529 // NVD: CVE-2024-4548

CVSS

SEVERITY

CVSSV2

CVSSV3

vulnreport@tenable.com: CVE-2024-4548
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-025529
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-29663
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-29663
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

vulnreport@tenable.com: CVE-2024-4548
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-025529
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-29663 // JVNDB: JVNDB-2024-025529 // NVD: CVE-2024-4548

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

problemtype: CWE-20

Trust: 1.0

problemtype: Improper input validation (CWE-20) [others]

Trust: 0.8

problemtype: SQL injection (CWE-89) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-025529 // NVD: CVE-2024-4548

PATCH

title: Patch for Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2024-29663)
url: https://www.cnvd.org.cn/patchInfo/show/563801

Trust: 0.6

sources: CNVD: CNVD-2024-29663

EXTERNAL IDS

db: NVD
id: CVE-2024-4548

Trust: 3.2

db: TENABLE
id: TRA-2024-13

Trust: 2.4

db: JVNDB
id: JVNDB-2024-025529

Trust: 0.8

db: CNVD
id: CNVD-2024-29663

Trust: 0.6

sources: CNVD: CNVD-2024-29663 // JVNDB: JVNDB-2024-025529 // NVD: CVE-2024-4548

REFERENCES

url: https://www.tenable.com/security/research/tra-2024-13

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2024-4548

Trust: 0.8

sources: CNVD: CNVD-2024-29663 // JVNDB: JVNDB-2024-025529 // NVD: CVE-2024-4548

SOURCES

db: CNVD, id: CNVD-2024-29663
db: JVNDB, id: JVNDB-2024-025529
db: NVD, id: CVE-2024-4548

LAST UPDATE DATE

2025-07-04T23:31:37.699000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-29663, date: 2024-06-28T00:00:00
db: JVNDB, id: JVNDB-2024-025529, date: 2025-07-01T07:19:00
db: NVD, id: CVE-2024-4548, date: 2025-06-27T14:44:50.180

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-29663, date: 2024-06-28T00:00:00
db: JVNDB, id: JVNDB-2024-025529, date: 2025-07-01T00:00:00
db: NVD, id: CVE-2024-4548, date: 2024-05-06T14:15:08.533