RULE(RULE ID:336839)

Rule General Information
Release Date: 2022-07-26
Rule Name: Delta Industrial Automation DIAEnergie DIAE_pgHandler.ashx GETOBJECT SQL Injection Vulnerability (CVE-2022-1378)
Severity:
CVE ID:
Rule Protection Details
Description: Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Impact: By successfully exploiting the vulnerability, an attacker can inject arbitrary SQL commands to view or change the target's database.
Affected OS: Windows, Others
Reference: https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01
Solutions
The vendor has released upgrade patches to fix the vulnerability. Please visit:
https://www.deltaww.com/en/customerService