Acrel Electrical ECEMS SQLi (CVE-2026-7694) Exposes Microgrid Systems

A high-severity SQL injection vulnerability, tracked as CVE-2026-7694, has been identified in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System version 1.3.0. According to the National Vulnerability Database, this flaw resides in an unspecified function within the /SubstationWEBV2/main/elecMaxMinAvgValue file, allowing remote attackers to execute SQL injection by manipulating the fCircuitids argument.

The National Vulnerability Database reports a CVSS score of 7.3 (HIGH) for this vulnerability, with an attack vector that is network-exploitable and requires no privileges or user interaction. The exploit code has been publicly released, significantly increasing the risk of widespread exploitation. The vendor, Acrel Electrical, was reportedly contacted prior to disclosure but has not provided a response.

This is a critical issue for any organization utilizing Acrel Electrical ECEMS. An unauthenticated, remote SQL injection allows attackers to potentially extract sensitive data, modify database content, or even achieve remote code execution in some configurations. Given the system’s role in managing enterprise microgrids, successful exploitation could lead to severe operational disruptions, data exfiltration, and compromise of critical infrastructure components.

What This Means For You

  • If your organization relies on Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0, you must immediately assess your exposure to CVE-2026-7694. This is a remote, unauthenticated SQL injection with public exploit code. Isolate these systems from public networks, apply compensating controls, and pressure Acrel Electrical for a patch. Assume compromise if you cannot confirm mitigation.

🛡️ Detection Rules

Severity: critical · ATT&CK: T1190 (Initial Access)

SQL Injection in Acrel ECEMS fCircuitids Parameter — CVE-2026-7694

Sigma YAML
title: SQL Injection in Acrel ECEMS fCircuitids Parameter — CVE-2026-7694
id: scw-2026-05-03-ai-1
status: experimental
level: critical
description: |
  This rule detects attempts to exploit CVE-2026-7694 by identifying SQL injection attempts targeting the '/SubstationWEBV2/main/elecMaxMinAvgValue' endpoint. It specifically looks for the 'fCircuitids' parameter being manipulated with common SQL injection payloads like ' OR '1'='1', ' UNION SELECT', or ' OR 1=1 --'. This is a critical detection for initial access via web exploitation.
author: SCW Feed Engine (AI-generated)
date: 2026-05-03
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7694/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
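detection:
  # Endpoint named in the advisory
  selection_endpoint:
    cs-uri|contains: '/SubstationWEBV2/main/elecMaxMinAvgValue'
  # Vulnerable parameter present in the query string
  selection_param:
    cs-uri-query|contains: 'fCircuitids'
  # Any one of these payload fragments (list values are ORed)
  selection_payload:
    cs-uri-query|contains:
      - "' OR '1'='1"
      - "' UNION SELECT"
      - "' OR 1=1 --"
  # All three selections must match the same request
  condition: selection_endpoint and selection_param and selection_payload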
falsepositives:
  - Legitimate administrative activity
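
A raw substring match on the payload strings misses the same requests when the query string is percent-encoded, which is how it normally appears in access logs. The added example below (not part of the original rule, the feed, or the vendor's code) decodes the query and flags any fCircuitids value outside an allow-list; the comma-separated-integer format, the helper names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

ENDPOINT = "/substationwebv2/main/elecmaxminavgvalue"  # advisory path, lowercased
PARAM = "fcircuitids"                                  # parameter name, lowercased
# Assumption (not from the advisory): valid values are comma-separated integers.
ALLOWED = re.compile(r"\d+(?:\s*,\s*\d+)*")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %27 and %2527 both become a quote."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return 'ignore', 'benign' or 'suspicious' for one access-log line."""
    match = REQUEST.search(log_line)
    if not match:
        return "ignore"
    url = urlsplit(match.group(1))
    if ENDPOINT not in fully_decode(url.path).lower():
        return "ignore"
    values = [v for k, v in parse_qsl(url.query) if k.lower() == PARAM]
    if not values:
        return "ignore"
    if all(ALLOWED.fullmatch(fully_decode(v).strip()) for v in values):
        return "benign"
    return "suspicious"

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/May/2026:15:20:01 +0000] "GET /SubstationWEBV2/main/'
    'elecMaxMinAvgValue?fCircuitids=101,102 HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/May/2026:15:21:44 +0000] "GET /SubstationWEBV2/main/'
    'elecMaxMinAvgValue?fCircuitids=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120',
    '198.51.100.7 - - [03/May/2026:15:22:02 +0000] "GET /SubstationWEBV2/main/'
    'elecMaxMinAvgValue?fcircuitids=1%2527%2520UNION%2520SELECT%25201 HTTP/1.1" 500 0',
    '192.0.2.10 - - [03/May/2026:15:23:10 +0000] "GET /index.html HTTP/1.1" 200 100',
]

def suspicious_lines(lines):
    return [line for line in lines if classify(line) == "suspicious"]

if __name__ == "__main__":
    print(*suspicious_lines(SAMPLE_LOG), sep="\n")
```

If the application submits fCircuitids in a POST body, the value does not appear in standard access logs, so both this check and the Sigma rule need request-body logging or a WAF to see it.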

Source: Shimi's Cyber World · License & reuse


Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7694 | SQLi | Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0 |
| CVE-2026-7694 | SQLi | /SubstationWEBV2/main/elecMaxMinAvgValue |
| CVE-2026-7694 | SQLi | argument fCircuitids |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 03, 2026 at 15:15 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
