PT-2026-43179 · Acrel Electrical · Eems Enterprise Power Operation/Maintenance Cloud Platform

Bigbrother_Man

Published

2026-05-26

Updated

2026-05-26

CVE-2026-9523

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument sort results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-9523

Affected Products

Eems Enterprise Power Operation/Maintenance Cloud Platform

CVE-2026-9523

Weakness Enumeration

Related Identifiers

Affected Products

References · 4