ICS Delta Industrial Automation DIAEnergie Handler_CFG.ashx SQL Injection (CVE-2024-28891)

Rule ID

1234915

Severity

High

Description

An SQL injection vulnerability has been reported in Delta Industrial Automation DIAEnergie. The vulnerability is due to improper input validation in the Handler_CFG.ashx script. A remote, authenticated attacker could exploit it by sending a crafted request to the target server. Successful exploitation could result in SQL injection or, in the worst case, remote code execution in the context of MSSQLSERVER.

Impact

SQL injection

Recommendation

Apply the vendor's patch.

IPS Category

ICS threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2024-28891

ICSA-24-074-12

T1190

T0819

T1505

T1059

T0853

Keywords

N/A

Date Created

2024/05/13

Last Updated

2026/01/16
