Vulnerabilities in Delta DIAEnergie Solution Put Enterprises at Risk of Ransomware Attacks

A number of critical vulnerabilities have been identified in the Delta DIAEnergie facility energy management solution that could have severe consequences for industrial plants if exploited.


Specifically, using these vulnerabilities, an attacker can remotely falsify monitoring data, disable alarms, or use a compromised system to carry out ransomware attacks.


In total, the solution contains eight problems, four of which are SQL injection vulnerabilities and can be exploited to remotely execute arbitrary code. Another vulnerability provides the ability to add a new user with administrator rights and gain access to the device.


The rest of the problems are related to the presence of an unencrypted password and can be used for cross-site request forgery (CSRF) attacks.


Although the solution's maker, Delta Electronics, was informed of the problems in April this year, the vulnerabilities remain unpatched. The corresponding patches are expected to be available on September 15th.

