CVE-2022-26666

Name of the Vulnerable Software and Affected Versions Delta Electronics DIAEnergie versions prior to 1.8.02.004

Description A blind SQL injection issue exists in HandlerECC.ashx (also referred to as HandlerDialogECC.ashx), allowing an attacker to inject arbitrary SQL queries. This enables the retrieval and modification of database contents, as well as the execution of system commands.

Recommendations For versions prior to 1.8.02.004, update to version 1.8.02.004 or later to resolve the issue. As a temporary workaround, consider restricting access to the HandlerECC.ashx (or HandlerDialogECC.ashx) endpoint to minimize the risk of exploitation.