| शीर्षक | Acrel Electric Co., Ltd. Enterprise Microgrid Energy Efficiency Management System (ECEMS) 1.3.0 SQL Injection |
|---|
| विवरण | A critical unauthenticated SQL injection vulnerability was discovered in Acrel Electric Co., Ltd.'s Acrel Enterprise Microgrid Energy Efficiency Management System (ECEMS).
The vulnerability exists in the /SubstationWEBV2/main/elecMaxMinAvgValue endpoint, which is accessible to remote attackers without any prior authentication or user credentials. Due to a failure to effectively validate and filter user-controllable input, an attacker can transmit malicious SQL commands to the backend database.
Successful exploitation grants the attacker full unauthorized access to the database, allowing for the theft of sensitive energy infrastructure data, modification of system configurations, and potential disruption of microgrid operations. This poses a significant threat to critical infrastructure security. |
|---|
| स्रोत | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/WZMewApmsiT3PMkCJfzcASEznOb |
|---|
| उपयोगकर्ता | Anonymous User |
|---|
| सबमिशन | 13/04/2026 04:41 AM (2 महीनों पहले) |
|---|
| संयम | 02/05/2026 09:38 PM (20 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360863 [Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System elecMaxMinAvgValue SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|