{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/eems-enterprise-power-operation-and-maintenance-cloud-platform-3000webv2/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-9523"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2026-9523","web-application"],"_cs_type":"threat","_cs_vendors":["Acrel Electrical"],"content_html":"\u003cp\u003eAcrel Electrical\u0026rsquo;s EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2 is vulnerable to SQL injection. The vulnerability, identified as CVE-2026-9523, allows an attacker to execute arbitrary SQL commands by manipulating the \u003ccode\u003esort\u003c/code\u003e argument in a specific file path. This flaw was found in the \u003ccode\u003e/SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree\u003c/code\u003e endpoint. The vulnerability is remotely exploitable and has a CVSS v3.1 base score of 7.3. This issue is considered high risk because successful exploitation can lead to unauthorized data access, modification, or even complete system compromise. Despite attempts to contact the vendor, no response has been received, leaving users vulnerable to potential attacks. Public availability of the exploit code increases the risk of widespread exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET or POST request targeting the \u003ccode\u003e/SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a manipulated \u003ccode\u003esort\u003c/code\u003e parameter containing a SQL injection payload.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize the \u003ccode\u003esort\u003c/code\u003e parameter, passing the malicious SQL code to the database.\u003c/li\u003e\n\u003cli\u003eThe database executes the attacker-supplied SQL code.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves sensitive information from the database, such as user credentials or system configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker may escalate privileges by injecting SQL code to create new administrative accounts.\u003c/li\u003e\n\u003cli\u003eThe attacker gains full control of the application and underlying system, potentially leading to data exfiltration or service disruption.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to a full compromise of the affected Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. This can result in unauthorized access to sensitive data, including customer information, operational data, and system configurations. Attackers can modify or delete data, disrupt services, or use the compromised system as a launchpad for further attacks. The lack of vendor response exacerbates the risk, as users are left without official patches or mitigation guidance. The public availability of exploit code increases the likelihood of widespread attacks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for requests targeting \u003ccode\u003e/SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree\u003c/code\u003e with suspicious characters or SQL keywords in the \u003ccode\u003esort\u003c/code\u003e parameter to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-9523 Exploitation Attempt via Malicious sort Parameter\u0026rdquo; to identify suspicious HTTP requests.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003esort\u003c/code\u003e parameter to prevent SQL injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:27:03Z","date_published":"2026-05-26T14:27:03Z","id":"https://feed.craftedsignal.io/briefs/2026-05-acrel-sql-injection/","summary":"A SQL injection vulnerability (CVE-2026-9523) exists in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2, where manipulating the 'sort' argument in the '/SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree' file leads to remote code execution, and is publicly known and actively exploited.","title":"Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform SQL Injection Vulnerability (CVE-2026-9523)","url":"https://feed.craftedsignal.io/briefs/2026-05-acrel-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2","version":"https://jsonfeed.org/version/1.1"}