Vulnerabilities > Deltaww > Dialink > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-13 | CVE-2022-2660 | Use of Hard-coded Credentials vulnerability in Deltaww Dialink 1.2.4.0 Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. | 7.5 |
| 2022-12-01 | CVE-2022-2969 | Unspecified vulnerability in Deltaww Dialink 1.2.4.0/1.5.0.0 Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. | 7.5 |
| 2021-11-03 | CVE-2021-38416 | Unspecified vulnerability in Deltaww Dialink 1.2.4.0 Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. | 7.8 |
| 2021-11-03 | CVE-2021-38420 | Incorrect Default Permissions vulnerability in Deltaww Dialink 1.2.4.0 Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | 7.8 |
| 2021-11-03 | CVE-2021-38422 | Unspecified vulnerability in Deltaww Dialink 1.2.4.0 Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. | 7.8 |
| 2021-11-03 | CVE-2021-38424 | Unspecified vulnerability in Deltaww Dialink 1.2.4.0 The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. | 7.8 |