Login Sign Up

CVE-2022-1370

9.8 CRITICAL
Remote Code Execution SQL Injection

📋 TL;DR

Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in the ReadREGbyID function. This allows attackers to execute arbitrary SQL queries, potentially accessing, modifying, or deleting database contents and executing system commands. Organizations using DIAEnergie for industrial energy management are affected.

💻 Affected Systems

Products:
  • Delta Electronics DIAEnergie
Versions: All versions prior to 1.8.02.004
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: DIAEnergie is industrial energy management software typically deployed in operational technology environments.

📦 What is this software?

Diaenergie by Deltaww

View all CVEs affecting Diaenergie →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attackers to execute arbitrary commands, exfiltrate sensitive industrial data, manipulate control systems, and pivot to other network segments.

🟠

Likely Case

Database compromise leading to data theft, manipulation of energy management data, and potential disruption of industrial operations.

🟢

If Mitigated

Limited impact with proper network segmentation, input validation, and database permissions restricting unauthorized access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit with readily available tools. The blind nature requires more effort but is still feasible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.02.004

Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01

Restart Required: Yes

Instructions:

1. Download DIAEnergie version 1.8.02.004 from Delta Electronics. 2. Backup current configuration and database. 3. Install the update following vendor instructions. 4. Restart the DIAEnergie service. 5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate DIAEnergie systems from untrusted networks and internet access.

Web Application Firewall

all

Deploy WAF with SQL injection rules to block malicious requests.

🧯 If You Can't Patch

  • Implement strict network access controls to limit connections to DIAEnergie systems
  • Deploy intrusion detection systems monitoring for SQL injection patterns

🔍 How to Verify

Check if Vulnerable:

Check DIAEnergie version in application interface or installation directory. Versions below 1.8.02.004 are vulnerable.

Check Version:

Check DIAEnergie application interface or installation properties

Verify Fix Applied:

Confirm version is 1.8.02.004 or higher and test ReadREGbyID functionality with safe inputs.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts
  • Unexpected process executions

Network Indicators:

  • SQL injection patterns in HTTP requests to DIAEnergie
  • Unusual outbound connections from DIAEnergie server

SIEM Query:

source="DIAEnergie" AND (http_request="*ReadREGbyID*" AND (http_request="*' OR *" OR http_request="*;--*"))

📊 Metadata

CVE ID: CVE-2022-1370
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-89
Published: May 2, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-1370, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)