{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T02:07:27.046","vulnerabilities":[{"cve":{"id":"CVE-2021-38393","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2021-08-30T18:15:09.700","lastModified":"2024-11-21T06:16:59.210","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\\MSSQLSERVER."},{"lang":"es","value":"Se presenta una vulnerabilidad de inyección SQL ciega en el endpoint /DataHandler/HandlerAlarmGroup.ashx de Delta Electronics DIAEnergie versiones 1.7.5 y anteriores. La aplicación no comprueba apropiadamente el valor controlado por el usuario suministrado mediante el parámetro agid antes de usarlo como parte de una consulta SQL. Un atacante remoto no autenticado puede aprovechar este problema para ejecutar código arbitrario en el contexto de NT SERVICE\\MSSQLSERVER."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*","versionEndIncluding":"1.7.5","matchCriteriaId":"B201E2CD-43DB-4986-B032-5F411B4775BA"}]}]}],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}