CVE-2022-1372

9.8 CRITICAL

📋 TL;DR

Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in the dlSlog.aspx component. This allows attackers to execute arbitrary SQL queries, potentially accessing, modifying, or deleting database contents and executing system commands. Organizations using DIAEnergie for industrial energy management are affected.

💻 Affected Systems

Products:
  • Delta Electronics DIAEnergie
Versions: All versions prior to 1.8.02.004
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: DIAEnergie is typically deployed on Windows systems in industrial environments for energy management.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal sensitive industrial data, manipulate energy management systems, and pivot to other network segments.

🟠 Likely Case

Database compromise leading to data theft, manipulation of energy management data, and potential disruption of industrial operations.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly exploited and this affects a web interface component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.02.004

Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01

Restart Required: Yes

Instructions:

1. Download DIAEnergie version 1.8.02.004 from Delta Electronics.
2. Back up the current installation and data.
3. Install the updated version following vendor instructions.
4. Restart the DIAEnergie service and verify functionality.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate DIAEnergie systems from untrusted networks and internet access.

Web Application Firewall (applies to: all)

Deploy a WAF with SQL injection protection rules.

🧯 If You Can't Patch

  • Implement strict network access controls to limit connections to DIAEnergie systems
  • Monitor for SQL injection attempts in web server logs and implement intrusion detection

🔍 How to Verify

Check if Vulnerable:

Check DIAEnergie version in application interface or installation directory

Check Version:

Check application interface or consult vendor documentation for version verification

Verify Fix Applied:

Confirm version is 1.8.02.004 or later and test dlSlog.aspx functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts or SQL errors in web server logs
  • Unexpected access to dlSlog.aspx

Network Indicators:

  • SQL injection patterns in HTTP requests to dlSlog.aspx
  • Unusual outbound connections from DIAEnergie system

SIEM Query:

source="web_server" AND (url="*dlSlog.aspx*" AND (message="*sql*" OR message="*injection*" OR status=500))
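The log and network indicators above turned into a runnable check. This is an added example, not code from the page or from Delta Electronics: it scans constructed W3C/IIS-style web server log lines for requests to dlSlog.aspx that carry common SQL-injection signatures or return HTTP 500, the same conditions the SIEM query expresses. The log field layout, the `id` parameter name and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Generic SQL-injection signatures, checked case-insensitively after URL decoding.
SQLI_SIGNATURES = re.compile(
    r"(union\s+select|waitfor\s+delay|sleep\s*\(|benchmark\s*\(|xp_cmdshell|"
    r"'\s*(or|and)\s+[\w']+\s*=|;\s*(drop|exec|declare)\b|--\s*$|/\*.*\*/)",
    re.IGNORECASE,
)

# Assumed W3C/IIS-style layout: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip sc-status
LOG_LINE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) \S+ (?P<method>\S+) (?P<stem>\S+) (?P<query>\S+) "
    r"(?P<client>\S+) (?P<status>\d{3})$"
)

def classify(line):
    """Return the reasons a dlSlog.aspx request looks suspicious, or [] for benign/other URLs."""
    m = LOG_LINE.match(line.strip())
    if not m or not m.group("stem").lower().endswith("/dlslog.aspx"):
        return []
    reasons = []
    query = "" if m.group("query") == "-" else unquote_plus(m.group("query"))
    if SQLI_SIGNATURES.search(query):
        reasons.append("sqli-signature")
    if m.group("status") == "500":          # SQL errors often surface as HTTP 500
        reasons.append("http-500")
    return reasons

def scan(lines):
    """Return (client_ip, reasons, raw_line) for every suspicious dlSlog.aspx request."""
    hits = []
    for line in lines:
        reasons = classify(line)
        if reasons:
            hits.append((LOG_LINE.match(line.strip()).group("client"), reasons, line.strip()))
    return hits

# Constructed sample lines (not real traffic); 'id' is a placeholder parameter name.
SAMPLE_LOG = """\
2022-03-22 10:15:01 10.0.0.5 GET /DIAEnergie/dlSlog.aspx id=17 10.0.0.40 200
2022-03-22 10:15:07 10.0.0.5 GET /DIAEnergie/dlSlog.aspx id=17%27%20AND%20SLEEP(5)-- 198.51.100.23 200
2022-03-22 10:15:09 10.0.0.5 GET /DIAEnergie/dlSlog.aspx id=17%27 198.51.100.23 500
2022-03-22 10:15:12 10.0.0.5 GET /DIAEnergie/report.aspx id=1%27%20OR%201=1 198.51.100.23 200
""".splitlines()

if __name__ == "__main__":
    for client, reasons, raw in scan(SAMPLE_LOG):
        print(f"{client}: {', '.join(reasons)} <- {raw}")
```

Requests to other pages are ignored on purpose; widen the stem check if you want the same signatures applied to the whole DIAEnergie web interface.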
