2024-05-06 13:51:07
tenable
PUBLISHED
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a RecalculateHDMWYC message, which is split into 4 fields using the ~ character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.