HTTP: Delta Industrial Automation DIAEnergie Multiple SQL Injection

This signature detects attempts to exploit a known vulnerability against Delta. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Affected Products

Deltaww diaenergie

Short Name
HTTP:SQL:INJ:DELTA-IADH-SQLI
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Automation CVE-2021-32983 CVE-2021-38390 CVE-2021-38391 CVE-2021-38393 CVE-2022-1366 CVE-2022-1367 CVE-2022-1378 CVE-2022-26013 CVE-2022-26887 CVE-2022-40965 CVE-2022-40967 CVE-2022-41773 DIAEnergie Delta Industrial Injection Multiple SQL
Release Date
09/14/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3700
False Positive
Unknown
Vendors

Deltaww

CVSS Score

10.0

Found a potential security threat?