Vulnerabilities > Deltaww > Diaenergie > 1.9.01.002

DATE CVE VULNERABILITY TITLE RISK
2024-03-21 CVE-2024-28029 Unspecified vulnerability in Deltaww Diaenergie
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
network
low complexity
deltaww
8.8
8.8
2023-02-17 CVE-2023-0822 Files or Directories Accessible to External Parties vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
network
low complexity
deltaww CWE-552
8.8
8.8
2022-11-17 CVE-2022-41775 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-11-17 CVE-2022-43447 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-11-17 CVE-2022-43452 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-11-17 CVE-2022-43457 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-11-17 CVE-2022-43506 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-09-16 CVE-2022-3214 Use of Hard-coded Credentials vulnerability in Deltaww Diaenergie
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials.
network
low complexity
deltaww CWE-798
critical
 9.8
9.8