Filtered by vendor Deltaww
Subscriptions
Total
233 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43815 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 7.1 High |
| A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution. | ||||
| CVE-2023-39226 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 9.8 Critical |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. | ||||
| CVE-2023-34347 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 9.8 Critical |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. | ||||
| CVE-2023-0444 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator. | ||||
| CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | ||||
| CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | ||||
| CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43452 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43447 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-42141 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2024-11-21 | 5.4 Medium |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter. | ||||
| CVE-2022-42140 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2024-11-21 | 7.2 High |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. | ||||
| CVE-2022-42139 | 1 Deltaww | 2 Dvw-w02w2-e2, Dvw-w02w2-e2 Firmware | 2024-11-21 | 8.8 High |
| Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. | ||||
| CVE-2022-41779 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 8.8 High |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, leading to remote code execution. | ||||
| CVE-2022-41776 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 7.5 High |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords. | ||||
| CVE-2022-41775 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
| CVE-2022-41772 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 9.8 Critical |
| Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution. | ||||
| CVE-2022-41702 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.7 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | ||||
| CVE-2022-41701 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.7 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | ||||