Vulnerabilities > Deltaww
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-17 | CVE-2021-38406 | Out-of-bounds Write vulnerability in Deltaww Dopsoft 2.00.07 Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. | 7.8 |
| 2021-08-30 | CVE-2021-32955 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. | 9.8 |
| 2021-08-30 | CVE-2021-32967 | Improper Authentication vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | 9.8 |
| 2021-08-30 | CVE-2021-32983 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 9.8 |
| 2021-08-30 | CVE-2021-32991 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. | 4.3 |
| 2021-08-30 | CVE-2021-33003 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | 5.5 |
| 2021-08-30 | CVE-2021-33007 | Unspecified vulnerability in Deltaww Tpeditor A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. | 7.8 |
| 2021-08-30 | CVE-2021-33019 | Out-of-bounds Write vulnerability in Deltaww Dopsoft A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | 7.8 |
| 2021-08-30 | CVE-2021-38390 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 9.8 |
| 2021-08-30 | CVE-2021-38391 | Unspecified vulnerability in Deltaww Diaenergie 1.7.5 A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. | 9.8 |