ICS Delta Industrial Automation DIAEnergie DIAE_tagHandler.ashx SQL Injection (CVE-2024-25937)

Rule ID

1234858

Severity

High

Description

An SQL injection vulnerability has been reported for Delta Industrial Automation DIAEnergie. This vulnerability is due to improper input validation in the DIAE_tagHandler.ashx script.A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection.

Impact

SQL injection

Recommendation

Update vendor's patch.

IPS Category

ICS threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2024-25937

ICSA-24-074-12

T1190

T0819

T1505

T1059

T0853

Keywords

N/A

Date Created

2024/05/06

Last Updated

2026/01/13

This website uses cookies to ensure you get the best experience on our website.