Vulnerabilities > Deltaww
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-31 | CVE-2022-41776 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. | 7.5 |
| 2022-10-31 | CVE-2022-41779 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. | 9.8 |
| 2022-10-27 | CVE-2022-40965 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | 5.4 |
| 2022-10-27 | CVE-2022-40967 | SQL Injection vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. | 8.8 |
| 2022-10-27 | CVE-2022-41133 | SQL Injection vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. | 8.8 |
| 2022-10-27 | CVE-2022-41555 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | 5.4 |
| 2022-10-27 | CVE-2022-41651 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | 5.4 |
| 2022-10-27 | CVE-2022-41701 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | 5.4 |
| 2022-10-27 | CVE-2022-41702 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | 5.4 |
| 2022-10-27 | CVE-2022-41773 | SQL Injection vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. | 8.8 |