| tiêu đề | Acrel Electric Co., Ltd. EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 SQL Injection |
|---|
| Mô tả | A Critical unauthenticated SQL injection vulnerability has been identified in the Acrel EEMS Enterprise Power Operation and Maintenance Cloud Platform by Acrel Electric Co., Ltd.
The vulnerability is located within the /SubstationWEBV2/main/elecMaxMinAvgValue interface. Critically, this endpoint is exposed and accessible to remote attackers without any authentication or valid user sessions. Due to a fundamental failure to validate and filter user-controllable input, an attacker can transmit malicious SQL payloads to the backend database.
Successful exploitation grants the attacker full administrative access to the database, leading to the unauthorized extraction of sensitive power grid operational data, modification of system configurations, and potential disruption of critical energy management services. |
|---|
| Nguồn | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/QoXfwTAOiiYw2OkO0vAc7b7SnGg |
|---|
| Người dùng | Anonymous User |
|---|
| Đệ trình | 13/04/2026 04:59 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 02/05/2026 21:38 (20 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 360864 [Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform elecMaxMinAvgValue Tiêm SQL] |
|---|
| điểm | 20 |
|---|