Details of VAR-202405-0106

ID

VAR-202405-0106

CVE

CVE-2024-34032

TITLE

Delta Electronics, INC. of DIAEnergie In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-017835

DESCRIPTION

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 2.16

sources: NVD: CVE-2024-34032 // JVNDB: JVNDB-2024-017835 // CNVD: CNVD-2025-01805

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-01805

AFFECTED PRODUCTS

vendor:	deltaww	model:	diaenergie	scope:	eq	version:	1.10.00.005	Trust: 1.0
vendor:	delta	model:	diaenergie	scope:	-	version:	-	Trust: 0.8
vendor:	delta	model:	diaenergie	scope:	eq	version:	-	Trust: 0.8
vendor:	delta	model:	diaenergie	scope:	eq	version:	1.10.00.005	Trust: 0.8
vendor:	delta	model:	electronics diaenergie	scope:	eq	version:	1.10.00.005	Trust: 0.6

sources: CNVD: CNVD-2025-01805 // JVNDB: JVNDB-2024-017835 // NVD: CVE-2024-34032

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2024-34032
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-34032
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-34032
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-01805
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-01805
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

ics-cert@hq.dhs.gov:	CVE-2024-34032
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2024-34032
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-01805 // JVNDB: JVNDB-2024-017835 // NVD: CVE-2024-34032 // NVD: CVE-2024-34032

PROBLEMTYPE DATA

problemtype:	CWE-89	Trust: 1.0
problemtype:	SQL injection (CWE-89) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-017835 // NVD: CVE-2024-34032

PATCH

title:

Patch for Delta Electronics DIAEnergie GetDIACloudList SQL Injection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/652071

Trust: 0.6

sources: CNVD: CNVD-2025-01805

EXTERNAL IDS

db:	NVD	id:	CVE-2024-34032	Trust: 3.2
db:	ICS CERT	id:	ICSA-24-123-02	Trust: 2.4
db:	JVNDB	id:	JVNDB-2024-017835	Trust: 0.8
db:	CNVD	id:	CNVD-2025-01805	Trust: 0.6

sources: CNVD: CNVD-2025-01805 // JVNDB: JVNDB-2024-017835 // NVD: CVE-2024-34032

REFERENCES

url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2024-34032	Trust: 0.8

sources: CNVD: CNVD-2025-01805 // JVNDB: JVNDB-2024-017835 // NVD: CVE-2024-34032

SOURCES

db:	CNVD	id:	CNVD-2025-01805
db:	JVNDB	id:	JVNDB-2024-017835
db:	NVD	id:	CVE-2024-34032

LAST UPDATE DATE

2025-02-04T23:31:51.107000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-01805	date:	2025-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2024-017835	date:	2025-01-31T06:16:00
db:	NVD	id:	CVE-2024-34032	date:	2025-01-30T14:31:00.057

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-01805	date:	2025-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2024-017835	date:	2025-01-31T00:00:00
db:	NVD	id:	CVE-2024-34032	date:	2024-05-03T01:15:48.197