Check Point Reference: |
CPAI-2024-0222 |
Date Published: |
6 May 2024 |
Severity: |
Medium
|
Last Updated: |
Monday 06 May, 2024 |
Source: |
|
Industry Reference: | CVE-2024-28040
|
Protection Provided by: |
Security Gateway R81, R80, R77, R75 |
Who is Vulnerable? | Delta Electronics DIAEnergie prior to 1.10.00.005 |
Vulnerability Description |
An SQL injection vulnerability exists in Delta Industrial Automation DIAEnergie. This vulnerability is due to improper input validation in the GetDIAE_astListParameters component.Successfully exploiting this vulnerability could result in SQL injection or, in the worst case, remote code execution in the context of MSSQLSERVER. |