Vulnerabilities > Deltaww > Diaenergie > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-43457 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-11-17 CVE-2022-43506 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-40967 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-41133 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-41773 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-04-01 CVE-2022-1098 Uncontrolled Search Path Element vulnerability in Deltaww Diaenergie 1.08.00/1.7.5/1.8.0
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition.
local
low complexity
deltaww CWE-427
7.8
7.8
2022-03-29 CVE-2022-25347 Path Traversal vulnerability in Deltaww Diaenergie 1.08.00/1.7.5/1.8.0
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.
network
low complexity
deltaww CWE-22
7.5
7.5
2022-03-29 CVE-2022-26839 Incorrect Default Permissions vulnerability in Deltaww Diaenergie 1.08.00/1.7.5/1.8.0
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.
local
low complexity
deltaww CWE-276
7.8
7.8
2022-03-25 CVE-2022-0988 Cleartext Transmission of Sensitive Information vulnerability in Deltaww Diaenergie 1.7.5
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP.
network
low complexity
deltaww CWE-319
7.5
7.5