Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistIcscertCVELIST:CVE-2021-38390
HistoryAug 30, 2021 - 5:33 p.m.

CVE-2021-38390

2021-08-3017:33:30
CWE-89
icscert
www.cve.org

0.002 Low

EPSS

Percentile

61.4%

JSON

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.

CNA Affected

[
  {
    "product": "Delta Electronics DIAEnergie",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "DIAEnergie Version 1.7.5 and prior"
      }
    ]
  }
]

Related

prion 1
cnvd 1
nvd 1
cve 1
ics 1
prion
prion
Sql injection
2021-08-30 18:15:00
cnvd
cnvd
DIAEnergie SQL Blind Injection Vulnerability (CNVD-2021-93916)
2021-08-27 00:00:00
nvd
nvd
CVE-2021-38390
2021-08-30 18:15:09
cve
cve
CVE-2021-38390
2021-08-30 18:15:09
ics
ics
Delta Electronics DIAEnergie (Update C)
2022-08-02 12:00:00

0.002 Low

EPSS

Percentile

61.4%

JSON
Related for CVELIST:CVE-2021-38390
prion1cnvd1nvd1cve1ics1