The update addresses this issue by adding the following protections:

- Restricting the GetDIAE_line_message_settingsList parameters to the DIAEnergie vendor and DIAEnergie line settings end users.
- Limiting the DIAEnergie line settings list to only DIAEnergie line settings.
- Restricting DIAEnergie line settings list parameters to only DIAEnergie line settings.

A low-privileged attacker could exploit this issue to inject SQL queries via the DIAEnergie line settings list. An authenticated DIAEnergie vendor or end user could exploit this issue to inject SQL queries via the DIAEnergie line settings list. An authenticated DIAEnergie vendor could inject SQL queries via the DIAEnergie line settings list. An unauthenticated DIAEnergie vendor could exploit this issue to inject SQL queries via the DIAEnergie line settings list.

References: https://kb.mitre.org/data/definitions/CVE-2022-41133

https://kb.mitre.org/data/definitions/SQL-injection

Summary

DIAEnergie line settings list contains a number of parameters that are used to update and configure DIAEnergie line settings. The update addresses this issue by restricting the GetDIAE_line_message_settingsList parameters to the DIAEnergie vendor and DIAEnergie line settings end users. A low-privileged attacker could exploit this issue to inject SQL queries via the DIAEnergie line settings list. An authenticated DIAEnergie vendor or end user could exploit this issue to inject SQL queries via the DIAEnergie line settings list. An authenticated DIAEnergie vendor could inject SQL queries via the DIAEnergie line settings list. An unauthenticated DIAEnergie vendor could exploit this issue to inject SQL queries via the DIAEnergie line settings list.

SQL Injection

SQL injection is an attack where attackers are able to enter and manipulate SQL queries. This type of attack can be delivered through a variety of vectors, including but not limited to XSS attacks, input validation errors, and security misconfiguration. This vulnerability allows attackers to bypass intended or designed restrictions on the DIAEnergie line settings list parameters.

Timeline

Published on: 10/27/2022 21:15:00 UTC
Last modified on: 10/28/2022 18:35:00 UTC

References