{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/eems-enterprise-power-operation-and-maintenance-cloud-platform-1.3.0/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7695"}],"_cs_exploited":false,"_cs_products":["EEMS Enterprise Power Operation and Maintenance Cloud Platform (1.3.0)"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Acrel Electrical"],"content_html":"\u003cp\u003eA SQL injection vulnerability has been identified in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. The vulnerability resides within the \u003ccode\u003e/SubstationWEBV2/main/elecMaxMinAvgValue\u003c/code\u003e file and is triggered by manipulating the \u003ccode\u003efCircuitids\u003c/code\u003e argument. This flaw allows remote attackers to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or complete system compromise. The vendor was notified about the vulnerability but did not provide a response. Given the publicly disclosed nature of the exploit, organizations using the affected software should take immediate steps to mitigate the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an instance of Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 accessible over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/SubstationWEBV2/main/elecMaxMinAvgValue\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eWithin the request, the attacker injects SQL code into the \u003ccode\u003efCircuitids\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe application improperly sanitizes the input, passing the malicious SQL code to the database.\u003c/li\u003e\n\u003cli\u003eThe database executes the injected SQL code.\u003c/li\u003e\n\u003cli\u003eThe attacker is able to retrieve sensitive data from the database, such as user credentials or system configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen credentials to gain unauthorized access to other parts of the application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains complete control of the application server, potentially leading to further compromise of the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability could allow attackers to access and modify sensitive data, potentially disrupting power operation and maintenance processes. Given that the software is used for enterprise power management, this could lead to significant financial losses, reputational damage, and potential safety hazards. The number of victims is currently unknown, but any organization utilizing the affected software (version 1.3.0 of Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform) is potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for suspicious requests to \u003ccode\u003e/SubstationWEBV2/main/elecMaxMinAvgValue\u003c/code\u003e containing unusual characters or SQL keywords in the \u003ccode\u003efCircuitids\u003c/code\u003e parameter to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious fCircuitids Parameter Manipulation\u003c/code\u003e to identify potentially malicious requests targeting the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures on the \u003ccode\u003efCircuitids\u003c/code\u003e parameter to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eConsider using a Web Application Firewall (WAF) to filter out malicious requests targeting the vulnerable endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-29T12:00:00Z","date_published":"2024-01-29T12:00:00Z","id":"/briefs/2024-01-29-acrel-eems-sqli/","summary":"A SQL injection vulnerability exists in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 when manipulating the 'fCircuitids' argument in the '/SubstationWEBV2/main/elecMaxMinAvgValue' file, potentially allowing for remote code execution or data exfiltration.","title":"Acrel EEMS Enterprise Power Operation and Maintenance Cloud Platform SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-29-acrel-eems-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — EEMS Enterprise Power Operation and Maintenance Cloud Platform (1.3.0)","version":"https://jsonfeed.org/version/1.1"}