Filtered by vendor Deltaww
Subscriptions
Filtered by product Diaenergie
Subscriptions
Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32983 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | ||||
| CVE-2021-32967 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | ||||
| CVE-2021-32955 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. | ||||
| CVE-2021-31558 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 6.5 Medium |
| DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”. | ||||
| CVE-2021-23228 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 High |
| DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. | ||||
| CVE-2024-43699 | 1 Deltaww | 1 Diaenergie | 2024-10-08 | 9.8 Critical |
| Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. | ||||
| CVE-2024-42417 | 1 Deltaww | 1 Diaenergie | 2024-10-08 | 8.8 High |
| Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. | ||||