CVE-2021-38391

Name of the Vulnerable Software and Affected Versions Delta Electronics DIAEnergie versions 1.7.5 and prior

Description A Blind SQL injection issue exists due to improper validation of the type parameter in the "/DataHandler/AM/AM Handler.ashx" endpoint. This allows a remote, unauthenticated attacker to execute arbitrary code in the context of NT SERVICEMSSQLSERVER.

Recommendations For versions 1.7.5 and prior, update to a version that properly validates user-controlled input to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.