Deltaww CVEs and Security Vulnerabilities

Filtered by vendor Deltaww Subscriptions

Search

Switch to Advanced Search (Beta)

Total 234 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-26667	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-27175	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1366	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1367	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1369	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1370	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1371	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1372	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1374	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1375	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1376	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1377	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1378	1 Deltaww	1 Diaenergie	2025-04-16	9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1331	1 Deltaww	1 Dmars	2025-04-16	5.5 Medium
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure.
CVE-2022-1404	1 Deltaww	1 Cncsoft	2025-04-16	3.3 Low
Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.
CVE-2022-2759	1 Deltaww	1 Delta Robot Automation Studio	2025-04-16	5.5 Medium
Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host.
CVE-2022-38142	1 Deltaww	1 Infrasuite Device Master	2025-04-16	9.8 Critical
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.
CVE-2022-41657	1 Deltaww	1 Infrasuite Device Master	2025-04-16	9.8 Critical
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution.
CVE-2022-41772	1 Deltaww	1 Infrasuite Device Master	2025-04-16	9.8 Critical
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution.
CVE-2022-40202	1 Deltaww	1 Infrasuite Device Master	2025-04-16	9.8 Critical
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication. This function allows the user to designate all function arguments and the file to be executed. This could allow the attacker to start any new process and achieve remote code execution.

« first previous Page 3 of 12. next last »