Vulnerabilities > Deltaww > Diaenergie > 1.08.00

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-43506 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-40965 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-40967 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-41133 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-41555 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-41651 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-41701 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-41702 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-41773 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-09-16 CVE-2022-3214 Unspecified vulnerability in Deltaww Diaenergie
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials.
network
low complexity
deltaww
critical
 9.8
9.8