Vulnerabilities > Deltaww > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-01-13 CVE-2022-4616 Unspecified vulnerability in Deltaww Dx-3021L9 Firmware
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page.
network
low complexity
deltaww
critical
 9.1
9.1
2022-10-31 CVE-2022-38142 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification.
network
low complexity
deltaww
critical
 9.8
9.8
2022-10-31 CVE-2022-40202 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication.
network
low complexity
deltaww
critical
 9.8
9.8
2022-10-31 CVE-2022-41629 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory.
network
low complexity
deltaww
critical
 9.1
9.1
2022-10-31 CVE-2022-41657 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs).
network
low complexity
deltaww
critical
 9.8
9.8
2022-10-31 CVE-2022-41772 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal.
network
low complexity
deltaww
critical
 9.8
9.8
2022-10-31 CVE-2022-41779 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification.
network
low complexity
deltaww
critical
 9.8
9.8
2022-10-26 CVE-2022-43774 SQL Injection vulnerability in Deltaww Diaenergie 1.9.0
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
network
low complexity
deltaww CWE-89
critical
 9.8
9.8
2022-10-26 CVE-2022-43775 SQL Injection vulnerability in Deltaww Diaenergie 1.9.0
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
network
low complexity
deltaww CWE-89
critical
 9.8
9.8
2022-09-16 CVE-2022-3214 Unspecified vulnerability in Deltaww Diaenergie
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials.
network
low complexity
deltaww
critical
 9.8
9.8