{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/acrel-electrical/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7694"}],"_cs_exploited":false,"_cs_products":["ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2026-7694","webserver"],"_cs_type":"advisory","_cs_vendors":["Acrel Electrical"],"content_html":"\u003cp\u003eAcrel Electrical\u0026rsquo;s ECEMS Enterprise Microgrid Energy Efficiency Management System version 1.3.0 is vulnerable to SQL injection. The vulnerability resides in the \u003ccode\u003e/SubstationWEBV2/main/elecMaxMinAvgValue\u003c/code\u003e file, where manipulation of the \u003ccode\u003efCircuitids\u003c/code\u003e argument allows for the injection of arbitrary SQL commands. The vulnerability, identified as CVE-2026-7694, can be exploited remotely without authentication, posing a significant risk to systems exposed to the network. The vendor was notified but did not respond, and a public exploit is available, increasing the likelihood of exploitation. This flaw allows attackers to potentially access, modify, or delete sensitive data within the ECEMS database.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an accessible instance of Acrel ECEMS 1.3.0.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious SQL payload designed to extract sensitive information or modify the database.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request to \u003ccode\u003e/SubstationWEBV2/main/elecMaxMinAvgValue\u003c/code\u003e with the SQL payload embedded in the \u003ccode\u003efCircuitids\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe ECEMS application fails to properly sanitize the \u003ccode\u003efCircuitids\u003c/code\u003e input.\u003c/li\u003e\n\u003cli\u003eThe application executes the attacker-supplied SQL query against the database.\u003c/li\u003e\n\u003cli\u003eThe database server processes the malicious query, potentially returning sensitive data or executing harmful commands.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the output of the injected SQL query.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted information for further malicious activities, such as data exfiltration, privilege escalation, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability could allow an attacker to read sensitive information from the ECEMS database, modify existing data, or even gain administrative access to the system. This could lead to the compromise of energy efficiency management data, potentially impacting grid stability and financial records. Given the lack of vendor response and the availability of a public exploit, organizations using the affected software are at high risk. The impact includes potential data breaches, system outages, and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for suspicious requests to \u003ccode\u003e/SubstationWEBV2/main/elecMaxMinAvgValue\u003c/code\u003e containing potentially malicious SQL syntax within the \u003ccode\u003efCircuitids\u003c/code\u003e parameter (see Sigma rule \u0026ldquo;Detect Acrel ECEMS SQL Injection Attempt\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect SQL Injection Error Messages\u0026rdquo; to identify potential SQL injection attempts across all web applications.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to all user-supplied input, especially the \u003ccode\u003efCircuitids\u003c/code\u003e parameter in \u003ccode\u003e/SubstationWEBV2/main/elecMaxMinAvgValue\u003c/code\u003e, to prevent SQL injection.\u003c/li\u003e\n\u003cli\u003eConsider deploying a web application firewall (WAF) to filter out malicious requests targeting this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-03T12:15:59Z","date_published":"2026-05-03T12:15:59Z","id":"/briefs/2026-05-acrel-sql-injection/","summary":"A SQL injection vulnerability in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0 allows remote attackers to execute arbitrary SQL commands by manipulating the 'fCircuitids' argument in the '/SubstationWEBV2/main/elecMaxMinAvgValue' file.","title":"Acrel ECEMS SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-acrel-sql-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7695"}],"_cs_exploited":false,"_cs_products":["EEMS Enterprise Power Operation and Maintenance Cloud Platform (1.3.0)"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Acrel Electrical"],"content_html":"\u003cp\u003eA SQL injection vulnerability has been identified in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. The vulnerability resides within the \u003ccode\u003e/SubstationWEBV2/main/elecMaxMinAvgValue\u003c/code\u003e file and is triggered by manipulating the \u003ccode\u003efCircuitids\u003c/code\u003e argument. This flaw allows remote attackers to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or complete system compromise. The vendor was notified about the vulnerability but did not provide a response. Given the publicly disclosed nature of the exploit, organizations using the affected software should take immediate steps to mitigate the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an instance of Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 accessible over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/SubstationWEBV2/main/elecMaxMinAvgValue\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eWithin the request, the attacker injects SQL code into the \u003ccode\u003efCircuitids\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe application improperly sanitizes the input, passing the malicious SQL code to the database.\u003c/li\u003e\n\u003cli\u003eThe database executes the injected SQL code.\u003c/li\u003e\n\u003cli\u003eThe attacker is able to retrieve sensitive data from the database, such as user credentials or system configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen credentials to gain unauthorized access to other parts of the application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains complete control of the application server, potentially leading to further compromise of the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability could allow attackers to access and modify sensitive data, potentially disrupting power operation and maintenance processes. Given that the software is used for enterprise power management, this could lead to significant financial losses, reputational damage, and potential safety hazards. The number of victims is currently unknown, but any organization utilizing the affected software (version 1.3.0 of Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform) is potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for suspicious requests to \u003ccode\u003e/SubstationWEBV2/main/elecMaxMinAvgValue\u003c/code\u003e containing unusual characters or SQL keywords in the \u003ccode\u003efCircuitids\u003c/code\u003e parameter to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious fCircuitids Parameter Manipulation\u003c/code\u003e to identify potentially malicious requests targeting the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures on the \u003ccode\u003efCircuitids\u003c/code\u003e parameter to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eConsider using a Web Application Firewall (WAF) to filter out malicious requests targeting the vulnerable endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-29T12:00:00Z","date_published":"2024-01-29T12:00:00Z","id":"/briefs/2024-01-29-acrel-eems-sqli/","summary":"A SQL injection vulnerability exists in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 when manipulating the 'fCircuitids' argument in the '/SubstationWEBV2/main/elecMaxMinAvgValue' file, potentially allowing for remote code execution or data exfiltration.","title":"Acrel EEMS Enterprise Power Operation and Maintenance Cloud Platform SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-29-acrel-eems-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Acrel Electrical","version":"https://jsonfeed.org/version/1.1"}