Vulnerabilities > Deltaww

DATE CVE VULNERABILITY TITLE RISK
2023-03-27 CVE-2023-1141 Command Injection vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution.
network
low complexity
deltaww CWE-77
8.8
2023-03-27 CVE-2023-1142 Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
network
low complexity
deltaww CWE-22
critical
9.8
2023-03-27 CVE-2023-1143 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
network
low complexity
deltaww
8.8
2023-03-27 CVE-2023-1144 Incorrect Authorization vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
network
low complexity
deltaww CWE-863
8.8
2023-03-27 CVE-2023-1145 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
local
low complexity
deltaww CWE-502
7.8
2023-02-17 CVE-2023-0822 Files or Directories Accessible to External Parties vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
network
low complexity
deltaww CWE-552
8.8
2023-02-08 CVE-2023-0249 Unspecified vulnerability in Deltaww Diascreen
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
local
low complexity
deltaww
7.8
2023-02-08 CVE-2023-0250 Unspecified vulnerability in Deltaww Diascreen
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
local
low complexity
deltaww
7.8
2023-02-08 CVE-2023-0251 Unspecified vulnerability in Deltaww Diascreen
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.
local
low complexity
deltaww
7.8
2023-02-03 CVE-2022-4634 Out-of-bounds Write vulnerability in Deltaww Cncsoft and Screeneditor
All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
local
low complexity
deltaww CWE-787
7.8