Vulnerabilities > Deltaww

DATE CVE VULNERABILITY TITLE RISK
2023-01-13 CVE-2022-41778 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification.
network
low complexity
deltaww CWE-502
8.8
2023-01-13 CVE-2022-4616 Command Injection vulnerability in Deltaww Dx-3021L9 Firmware
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page.
network
low complexity
deltaww CWE-77
critical
9.1
2022-12-16 CVE-2022-2966 Out-of-bounds Read vulnerability in Deltaww Dopsoft
Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions.
network
low complexity
deltaww CWE-125
7.5
2022-12-14 CVE-2022-42139 OS Command Injection vulnerability in Deltaww Dvw-W02W2-E2 Firmware 2.42
Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL.
network
low complexity
deltaww CWE-78
8.8
2022-12-14 CVE-2022-42140 OS Command Injection vulnerability in Deltaww Dx-2100-L1-Cn Firmware 1.5.0.10
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose.
network
low complexity
deltaww CWE-78
7.2
2022-12-14 CVE-2022-42141 Cross-site Scripting vulnerability in Deltaww Dx-2100-L1-Cn Firmware 1.5.0.10
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.
network
low complexity
deltaww CWE-79
5.4
2022-12-13 CVE-2022-2660 Use of Hard-coded Credentials vulnerability in Deltaww Dialink 1.2.4.0
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine.
network
low complexity
deltaww CWE-798
7.5
2022-12-01 CVE-2022-2969 Path Traversal vulnerability in Deltaww Dialink 1.2.4.0/1.5.0.0
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory.
network
low complexity
deltaww CWE-22
7.5
2022-11-17 CVE-2022-41775 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
2022-11-17 CVE-2022-43447 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8