Vulnerabilities > Deltaww > Diaenergie > 1.9.03.001

DATE CVE VULNERABILITY TITLE RISK
2024-10-03 CVE-2024-42417 SQL Injection vulnerability in Deltaww Diaenergie
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx.
network
low complexity
deltaww CWE-89
8.8
8.8
2024-10-03 CVE-2024-43699 SQL Injection vulnerability in Deltaww Diaenergie
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx.
network
low complexity
deltaww CWE-89
critical
 9.8
9.8
2024-04-01 CVE-2024-25574 Unspecified vulnerability in Deltaww Diaenergie
SQL injection vulnerability exists in GetDIAE_usListParameters.
network
low complexity
deltaww
critical
 9.8
9.8
2024-03-21 CVE-2024-25937 Unspecified vulnerability in Deltaww Diaenergie
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
network
low complexity
deltaww
8.8
8.8
2024-03-21 CVE-2024-28029 Unspecified vulnerability in Deltaww Diaenergie
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
network
low complexity
deltaww
8.8
8.8
2022-09-16 CVE-2022-3214 Unspecified vulnerability in Deltaww Diaenergie
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials.
network
low complexity
deltaww
critical
 9.8
9.8