Vulnerabilities > Deltaww > Diaenergie
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-32967 | Improper Authentication vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | 9.8 |
| 2021-08-30 | CVE-2021-32983 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 9.8 |
| 2021-08-30 | CVE-2021-32991 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. | 4.3 |
| 2021-08-30 | CVE-2021-33003 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | 5.5 |
| 2021-08-30 | CVE-2021-38390 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 9.8 |
| 2021-08-30 | CVE-2021-38391 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 9.8 |
| 2021-08-30 | CVE-2021-38393 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 9.8 |