CVE-2022-43775: SQL Injection
First published: Wed Oct 26 2022(Updated: )
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
Credit: vulnreport@tenable.com vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Deltaww Diaenergie | =1.9.0 | |
| =1.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-43775?
The severity of CVE-2022-43775 is critical with a CVSS score of 9.8.
What is the affected software for CVE-2022-43775?
The affected software for CVE-2022-43775 is Delta Electronics DIAEnergy v1.9.
How does the SQL Injection flaw in CVE-2022-43775 work?
The SQL Injection flaw in CVE-2022-43775 allows an attacker to execute arbitrary SQL queries, potentially gaining unauthorized access or control over the affected system.
Can an attacker exploit the SQL Injection flaw remotely?
Yes, an attacker can exploit the SQL Injection flaw in CVE-2022-43775 remotely, allowing them to gain code execution on a remote system.
Is there a fix available for CVE-2022-43775?
At the moment, there is no known fix or patch available for CVE-2022-43775. It is recommended to apply mitigations or contact the vendor for further guidance.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/deltaww
- canonical/deltaww diaenergie
- version/deltaww diaenergie/1.9.0