Vulnerabilities > Deltaww

DATE CVE VULNERABILITY TITLE RISK
2022-06-27 CVE-2022-33005 Cross-site Scripting vulnerability in Deltaww Diaenergie 1.08.00
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field.
network
deltaww CWE-79
4.3
2022-05-24 CVE-2021-32965 Type Confusion vulnerability in Deltaww Diascreen
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.
network
deltaww CWE-843
6.8
2022-05-24 CVE-2021-32969 Out-of-bounds Write vulnerability in Deltaww Diascreen
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.
network
deltaww CWE-787
6.8
2022-05-03 CVE-2022-1331 XXE vulnerability in Deltaww Dmars
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure.
network
deltaww CWE-611
4.3
2022-05-02 CVE-2022-1367 SQL Injection vulnerability in Deltaww Diaenergie 1.7.5
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx.
network
low complexity
deltaww CWE-89
critical
10.0
2022-05-02 CVE-2022-1369 SQL Injection vulnerability in Deltaww Diaenergie 1.7.5
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND.
network
low complexity
deltaww CWE-89
critical
10.0
2022-05-02 CVE-2022-1370 SQL Injection vulnerability in Deltaww Diaenergie 1.7.5
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID.
network
low complexity
deltaww CWE-89
critical
10.0
2022-05-02 CVE-2022-1371 SQL Injection vulnerability in Deltaww Diaenergie 1.7.5
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf.
network
low complexity
deltaww CWE-89
critical
10.0
2022-05-02 CVE-2022-1372 SQL Injection vulnerability in Deltaww Diaenergie 1.7.5
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx.
network
low complexity
deltaww CWE-89
critical
10.0
2022-05-02 CVE-2022-1374 SQL Injection vulnerability in Deltaww Diaenergie 1.7.5
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx.
network
low complexity
deltaww CWE-89
critical
10.0