Acrel ECEMS Microgrid Management System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System version 1.3.0. The issue arises in an unknown function of the file '/SubstationWEBV2/main/elecMaxMinAvgValue', where manipulation of the 'fCircuitids' argument can be exploited. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for unauthorized SQL injection, which could lead to database manipulation or disclosure of sensitive information.

Added: May 3, 2026, 12:19 PM

Updated: May 3, 2026, 12:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

7.3

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

7.3

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Acrel ECEMS Microgrid Management System SQL Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating