Vulnerabilities > Deltaww

DATE CVE VULNERABILITY TITLE RISK
2022-10-31 CVE-2022-41657 Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs).
network
low complexity
deltaww CWE-22
critical
 9.8
9.8
2022-10-31 CVE-2022-41688 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups.
network
low complexity
deltaww CWE-306
7.5
7.5
2022-10-31 CVE-2022-41772 Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal.
network
low complexity
deltaww CWE-22
critical
 9.8
9.8
2022-10-31 CVE-2022-41776 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml.
network
low complexity
deltaww CWE-306
7.5
7.5
2022-10-31 CVE-2022-41779 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification.
network
low complexity
deltaww CWE-502
critical
 9.8
9.8
2022-10-27 CVE-2022-40965 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-40967 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-41133 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-41555 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
network
low complexity
deltaww CWE-79
5.4
5.4
2022-10-27 CVE-2022-41651 Cross-site Scripting vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.
network
low complexity
deltaww CWE-79
5.4
5.4