Vulnerabilities > Deltaww
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-27 | CVE-2022-41701 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | 5.4 |
| 2022-10-27 | CVE-2022-41702 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | 5.4 |
| 2022-10-27 | CVE-2022-41773 | SQL Injection vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. | 8.8 |
| 2022-10-26 | CVE-2022-43774 | SQL Injection vulnerability in Deltaww Diaenergie 1.9.0 The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | 9.8 |
| 2022-10-26 | CVE-2022-43775 | SQL Injection vulnerability in Deltaww Diaenergie 1.9.0 The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | 9.8 |
| 2022-09-16 | CVE-2022-3214 | Use of Hard-coded Credentials vulnerability in Deltaww Diaenergie Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. | 9.8 |
| 2022-08-31 | CVE-2022-1404 | Out-of-bounds Read vulnerability in Deltaww Cncsoft 1.00.83/1.01.30 Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | 7.1 |
| 2022-08-31 | CVE-2022-1405 | Stack-based Buffer Overflow vulnerability in Deltaww Cncsoft 1.00.83/1.01.30 CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. | 7.8 |
| 2022-08-31 | CVE-2022-2759 | XXE vulnerability in Deltaww Delta Robot Automation Studio Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. | 8.6 |
| 2022-06-27 | CVE-2022-33005 | Cross-site Scripting vulnerability in Deltaww Diaenergie 1.08.00 A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | 6.1 |