Filtered by vendor Deltaww
Subscriptions
Filtered by product Diaenergie
Subscriptions
Total
68 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1377 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-1378 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2024-25574 | 1 Deltaww | 1 Diaenergie | 2025-02-27 | 8.8 High |
| SQL injection vulnerability exists in GetDIAE_usListParameters. | ||||
| CVE-2024-34033 | 1 Deltaww | 1 Diaenergie | 2025-01-30 | 8.8 High |
| Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten. | ||||
| CVE-2024-34032 | 1 Deltaww | 1 Diaenergie | 2025-01-30 | 8.8 High |
| Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. | ||||
| CVE-2024-34031 | 1 Deltaww | 1 Diaenergie | 2025-01-30 | 8.8 High |
| Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. | ||||
| CVE-2024-25937 | 1 Deltaww | 1 Diaenergie | 2025-01-24 | 8.8 High |
| SQL injection vulnerability exists in the script DIAE_tagHandler.ashx. | ||||
| CVE-2023-0822 | 1 Deltaww | 1 Diaenergie | 2025-01-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | ||||
| CVE-2024-28029 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. | ||||
| CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | ||||
| CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | ||||
| CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-3214 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. | ||||
| CVE-2022-33005 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | ||||
| CVE-2021-44544 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 High |
| DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. | ||||
| CVE-2021-44471 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 High |
| DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | ||||
| CVE-2021-38393 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | ||||
| CVE-2021-38391 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | ||||
| CVE-2021-38390 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | ||||
| CVE-2021-33003 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 5.5 Medium |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | ||||