Vendor

Acrel Electrical

3 briefs RSS

Acrel EEMS Enterprise Power Operation and Maintenance Cloud Platform Path Traversal Vulnerability (CVE-2026-9550)

A path traversal vulnerability (CVE-2026-9550) exists in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0, allowing remote attackers to access sensitive files by manipulating the path argument in the /SubstationWEBV2/app/..;/main/upfile component.

EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 path-traversal web-application cve

2r 1t 1c 3w ago

high threat

Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform SQL Injection Vulnerability (CVE-2026-9523)

1 rule 1 TTP 1 CVE

A SQL injection vulnerability (CVE-2026-9523) exists in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2, where manipulating the 'sort' argument in the '/SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree' file leads to remote code execution, and is publicly known and actively exploited.

exploited EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2 sql-injection cve-2026-9523 web-application

1r 1t 1c 3w ago

high advisory

Acrel EEMS Enterprise Power Operation and Maintenance Cloud Platform SQL Injection Vulnerability

2 rules 1 TTP 1 CVE

A SQL injection vulnerability exists in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 when manipulating the 'fCircuitids' argument in the '/SubstationWEBV2/main/elecMaxMinAvgValue' file, potentially allowing for remote code execution or data exfiltration.

EEMS Enterprise Power Operation and Maintenance Cloud Platform sql-injection web-application vulnerability

2r 1t 1c Jan 29, 2024