Vulnerabilities > Deltaww
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-01 | CVE-2022-2969 | Path Traversal vulnerability in Deltaww Dialink 1.2.4.0/1.5.0.0 Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. | 7.5 |
| 2022-11-17 | CVE-2022-41775 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
| 2022-11-17 | CVE-2022-43447 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
| 2022-11-17 | CVE-2022-43452 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
| 2022-11-17 | CVE-2022-43457 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
| 2022-11-17 | CVE-2022-43506 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
| 2022-10-31 | CVE-2022-38142 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. | 9.8 |
| 2022-10-31 | CVE-2022-40202 | Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. | 9.8 |
| 2022-10-31 | CVE-2022-41629 | Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. | 9.1 |
| 2022-10-31 | CVE-2022-41644 | Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. | 8.8 |