Vulnerabilities > Deltaww
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-32983 | SQL Injection vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 10.0 |
| 2021-08-30 | CVE-2021-32991 | Cross-Site Request Forgery (CSRF) vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. | 4.3 |
| 2021-08-30 | CVE-2021-33003 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | 2.1 |
| 2021-08-30 | CVE-2021-33007 | Heap-based Buffer Overflow vulnerability in Deltaww Tpeditor A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. | 6.8 |
| 2021-08-30 | CVE-2021-33019 | Stack-based Buffer Overflow vulnerability in Deltaww Dopsoft A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | 6.8 |
| 2021-08-30 | CVE-2021-38390 | SQL Injection vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 10.0 |
| 2021-08-30 | CVE-2021-38391 | SQL Injection vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 10.0 |
| 2021-08-30 | CVE-2021-38393 | SQL Injection vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 10.0 |
| 2021-07-02 | CVE-2021-27412 | Out-of-bounds Read vulnerability in Deltaww Dopsoft Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. | 6.8 |
| 2021-07-02 | CVE-2021-27455 | Out-of-bounds Read vulnerability in Deltaww Dopsoft Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. | 4.3 |