CVE-2022-26338

Name of the Vulnerable Software and Affected Versions Delta Electronics DIAEnergie versions prior to 1.8.02.004

Description A blind SQL injection issue exists in the HandlerPageP KID.ashx and DIAE hierarchyHandler.ashx handlers. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Recommendations For versions prior to 1.8.02.004, update to version 1.8.02.004 or later to resolve the issue. As a temporary workaround, consider restricting access to the HandlerPageP KID.ashx and DIAE hierarchyHandler.ashx handlers until a patch is applied.