Vulnerabilities > Deltaww

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-41775 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
2022-11-17 CVE-2022-43447 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
2022-11-17 CVE-2022-43452 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
2022-11-17 CVE-2022-43457 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
2022-11-17 CVE-2022-43506 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
2022-10-31 CVE-2022-38142 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification.
network
low complexity
deltaww CWE-502
critical
9.8
2022-10-31 CVE-2022-40202 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication.
network
low complexity
deltaww CWE-306
critical
9.8
2022-10-31 CVE-2022-41629 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory.
network
low complexity
deltaww CWE-306
critical
9.1
2022-10-31 CVE-2022-41644 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges.
network
low complexity
deltaww CWE-306
8.8
2022-10-31 CVE-2022-41657 Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs).
network
low complexity
deltaww CWE-22
critical
9.8