CVE-2026-9523 | Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform getCalcmeterDetailDayListTree sql injection

A vulnerability, which was classified as critical, has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument sort results in sql injection.

This vulnerability is identified as CVE-2026-9523. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More