Vulnerabilities > Deltaww
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-26 | CVE-2022-43774 | SQL Injection vulnerability in Deltaww Diaenergie 1.9.0 The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | 9.8 |
| 2022-10-26 | CVE-2022-43775 | SQL Injection vulnerability in Deltaww Diaenergie 1.9.0 The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | 9.8 |
| 2022-09-16 | CVE-2022-3214 | Unspecified vulnerability in Deltaww Diaenergie Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. | 9.8 |
| 2022-08-31 | CVE-2022-1404 | Unspecified vulnerability in Deltaww Cncsoft 1.00.83/1.01.30 Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | 7.1 |
| 2022-08-31 | CVE-2022-1405 | Unspecified vulnerability in Deltaww Cncsoft 1.00.83/1.01.30 CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. | 7.8 |
| 2022-08-31 | CVE-2022-2759 | Unspecified vulnerability in Deltaww Delta Robot Automation Studio Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. | 8.6 |
| 2022-06-27 | CVE-2022-33005 | Cross-site Scripting vulnerability in Deltaww Diaenergie 1.08.00 A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | 6.1 |
| 2022-05-24 | CVE-2021-32965 | Unspecified vulnerability in Deltaww Diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. | 7.8 |
| 2022-05-24 | CVE-2021-32969 | Out-of-bounds Write vulnerability in Deltaww Diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | 7.8 |
| 2022-05-03 | CVE-2022-1331 | Unspecified vulnerability in Deltaww Dmars In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. | 5.5 |