Vulnerabilities > Deltaww
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-26 | CVE-2022-43774 | SQL Injection vulnerability in Deltaww Diaenergie 1.9.0 The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | 9.8 |
2022-10-26 | CVE-2022-43775 | SQL Injection vulnerability in Deltaww Diaenergie 1.9.0 The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | 9.8 |
2022-09-16 | CVE-2022-3214 | Use of Hard-coded Credentials vulnerability in Deltaww Diaenergie Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. | 9.8 |
2022-06-27 | CVE-2022-33005 | Cross-site Scripting vulnerability in Deltaww Diaenergie 1.08.00 A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | 4.3 |
2022-05-24 | CVE-2021-32965 | Type Confusion vulnerability in Deltaww Diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. | 6.8 |
2022-05-24 | CVE-2021-32969 | Out-of-bounds Write vulnerability in Deltaww Diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | 6.8 |
2022-05-03 | CVE-2022-1331 | XXE vulnerability in Deltaww Dmars In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. | 4.3 |
2022-05-02 | CVE-2022-1367 | SQL Injection vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. | 10.0 |
2022-05-02 | CVE-2022-1369 | SQL Injection vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. | 10.0 |
2022-05-02 | CVE-2022-1370 | SQL Injection vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. | 10.0 |