Vulnerabilities > Deltaww > Diaenergie > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-38393 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 9.8 |
| 2021-08-30 | CVE-2021-38391 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 9.8 |
| 2021-08-30 | CVE-2021-38390 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 9.8 |
| 2021-08-30 | CVE-2021-32983 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 9.8 |
| 2021-08-30 | CVE-2021-32967 | Improper Authentication vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | 9.8 |
| 2021-08-30 | CVE-2021-32955 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. | 9.8 |