Acrel Electrical EEMS Platform Hit by High-Severity SQL Injection

The National Vulnerability Database has disclosed CVE-2026-7695, a high-severity SQL injection vulnerability impacting Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. This flaw, rated 7.3 CVSS, stems from improper handling of the fCircuitids argument within the /SubstationWEBV2/main/elecMaxMinAvgValue file, allowing remote attackers to execute arbitrary SQL commands.

This isn’t a theoretical risk; the exploit details are publicly available. Attackers can leverage this to bypass authentication, extract sensitive data, or even gain control over the underlying database. The fact that the vendor, Acrel Electrical, reportedly did not respond to early disclosure attempts is a significant red flag, indicating a potential lack of urgency in addressing critical security flaws.

For defenders, this is a clear call to action. SQL injection remains a top attack vector due to its high impact and relative ease of exploitation. When a vendor is unresponsive, the burden shifts entirely to the end-user to mitigate the risk, often requiring isolation or removal of the vulnerable system until a patch or viable workaround emerges.

What This Means For You

  • If your organization uses Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0, you are exposed to remote SQL injection via CVE-2026-7695. Immediately isolate or take this platform offline until a patch is available. Audit logs for any suspicious activity related to `elecMaxMinAvgValue` or `fCircuitids` parameters.
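One way to run the log audit recommended above, as an added example that is not part of the original advisory or any vendor code: it scans access-log lines for requests to the endpoint and flags any `fCircuitids` value that, after undoing percent-encoding, is not a plain comma-separated ID list. The log format, the allow-list for legitimate values and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

ENDPOINT = "/SubstationWEBV2/main/elecMaxMinAvgValue"  # path named in the advisory
PARAM = "fCircuitids"                                   # argument named in the advisory
# Assumption: a legitimate value is a comma-separated list of alphanumeric IDs.
ALLOWED = re.compile(r"[A-Za-z0-9_,]*")
# Assumption: common/combined access-log format with a quoted request line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '192.0.2.5 - - [03/May/2026:16:20:01 +0000] "GET /SubstationWEBV2/main/elecMaxMinAvgValue?fCircuitids=101,102 HTTP/1.1" 200 512',
    '192.0.2.9 - - [03/May/2026:16:21:44 +0000] "GET /SubstationWEBV2/main/elecMaxMinAvgValue?fCircuitids=101%27%20OR%20SLEEP(1=1) HTTP/1.1" 200 0',
    '192.0.2.9 - - [03/May/2026:16:21:50 +0000] "GET /SubstationWEBV2/main/elecMaxMinAvgValue?fCircuitids=101%2527+OR+SLEEP(1=1) HTTP/1.1" 200 0',
    '192.0.2.7 - - [03/May/2026:16:22:10 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %2527) so checks see the real text."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (line_number, decoded_value) for endpoint hits failing the allow-list."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rstrip("/").lower() != ENDPOINT.lower():
            continue
        # parse_qs decodes once; keep_blank_values keeps empty parameters visible.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if not ALLOWED.fullmatch(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value!r}")
```

Only query-string parameters appear in access logs; a value sent in a POST body needs request-body logging or proxy/WAF captures to audit.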

🛡️ Detection Rules

high T1190 Initial Access

CVE-2026-7695 - Acrel EEMS SQL Injection via fCircuitids

Sigma YAML:
title: CVE-2026-7695 - Acrel EEMS SQL Injection via fCircuitids
id: scw-2026-05-03-ai-1
status: experimental
level: high
description: |
  Detects exploitation attempts against Acrel Electrical EEMS Platform CVE-2026-7695. This rule specifically looks for requests to the vulnerable endpoint '/SubstationWEBV2/main/elecMaxMinAvgValue' where the 'fCircuitids' parameter contains common SQL injection patterns like ' OR SLEEP(1=1)' indicating a time-based blind SQL injection attempt.
author: SCW Feed Engine (AI-generated)
date: 2026-05-03
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7695/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
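  selection:
    cs-uri:
      - '/SubstationWEBV2/main/elecMaxMinAvgValue'
    # A YAML mapping cannot repeat a key, so the substrings are combined with
    # the 'all' modifier: every one must be present in the query string.
    # Raw logs may record the spaces in ' OR ' as %20 or +.
    cs-uri-query|contains|all:
      - 'fCircuitids='
      - ' OR '
      - 'SLEEP('
      - '1=1'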
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse


Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7695 | SQLi | Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 |
| CVE-2026-7695 | SQLi | Vulnerable file: /SubstationWEBV2/main/elecMaxMinAvgValue |
| CVE-2026-7695 | SQLi | Vulnerable argument: fCircuitids |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 03, 2026 at 16:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
