CVE-2024-0851

CRITICAL

Grup Arge Energy and Control Systems Smartpower <V24.05.27 - SQL In...

Title source: llm
STIX 2.1

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection. This issue affects Smartpower: through V24.05.27.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource government-resource broken-link
https://www.usom.gov.tr/bildirim/tr-24-0556

Scores

CVSS v4 10.0
EPSS 0.0040
EPSS Percentile 32.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
Grup Arge Energy and Control Systems/Smartpower < V24.05.27
Published May 27, 2024
Tracked Since Feb 18, 2026