PT-2026-36697 · Acrel Electrical · Ecems Enterprise Microgrid Energy Efficiency Management System

Red88-Debug · Published 2026-05-03 · Updated 2026-05-03 · CVE-2026-7694

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System version 1.3.0

Description

A remote SQL injection flaw exists in an unknown function within the file '/SubstationWEBV2/main/elecMaxMinAvgValue'. This issue occurs when the fCircuitids argument is manipulated, allowing an attacker to execute arbitrary SQL commands. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to or modification of the database.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the file '/SubstationWEBV2/main/elecMaxMinAvgValue' or avoid using the fCircuitids parameter to minimize the risk of exploitation.
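One way to apply the temporary workaround at a reverse proxy or request filter in front of the application, as an added example that is not code from the vendor or from this advisory: requests to the affected path are allowed only from a trusted network and only when fCircuitids passes a strict allowlist. The trusted subnet, the comma-separated numeric format assumed for fCircuitids, and the function names are assumptions.

```python
import ipaddress
import posixpath
import re
from urllib.parse import parse_qsl, unquote

# Path and parameter name come from the advisory (compared case-insensitively).
ENDPOINT = "/substationwebv2/main/elecmaxminavgvalue"
PARAM = "fcircuitids"
# Assumption: legitimate values are comma-separated numeric circuit IDs.
SAFE_VALUE = re.compile(r"\d{1,18}(,\d{1,18}){0,199}")
# Assumption: constructed management subnet that may reach the endpoint.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def targets_endpoint(path):
    """True if the path resolves to the affected endpoint after normalisation."""
    decoded = unquote(path).lower()  # undo %xx encoding and case differences
    # Drop ";param" suffixes on each segment, then collapse "//", "." and "..".
    stripped = "/".join(seg.split(";", 1)[0] for seg in decoded.split("/"))
    norm = "/" + posixpath.normpath(stripped).lstrip("/")
    return norm.startswith(ENDPOINT)  # prefix match: fail closed on suffixes


def screen(src_ip, target, body=""):
    """Return (allowed, reason); body is a form-encoded POST body, if any."""
    path, _, query = target.partition("?")
    if not targets_endpoint(path):
        return True, "other endpoint"
    try:
        trusted = any(ipaddress.ip_address(src_ip) in n for n in TRUSTED_NETS)
    except ValueError:
        trusted = False  # unparseable source address: deny
    if not trusted:
        return False, "source not in trusted network"
    pairs = parse_qsl(query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    values = [v for k, v in pairs if k.lower() == PARAM]
    if len(values) > 1:
        return False, "duplicate parameter"
    if values and not SAFE_VALUE.fullmatch(values[0]):
        return False, "value outside allowlist"
    return True, "ok"
```

Denied requests are worth logging with their reason, since hits on this path from outside the trusted network indicate probing of the affected endpoint.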

Exploit

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-7694

Affected Products

Ecems Enterprise Microgrid Energy Efficiency Management System