ICS Delta Industrial Automation DIAEnergie DIAE_dmdsetHandler.ashx order_by SQL Injection (CVE-2022-26013)

Rule ID

1231683

Severity

Critical

Description

An SQL injection has been reported in Delta Industrial Automation DIAEnergie. The vulnerability is due to lack of validation when processing order_by parameter in DIAE_dmdsetHandler.ashx endpoint.

Impact

SQL injection

Recommendation

Update vendor's patch.

IPS Category

ICS threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2022-26013

ICSA-22-081-01

T1190

T0819

T1059

T0853

Keywords

N/A

Date Created

2022/09/19

Last Updated

2026/02/03

This website uses cookies to ensure you get the best experience on our website.

Learn more