Vulnerabilities > Deltaww > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-43457 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-11-17 CVE-2022-43506 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-31 CVE-2022-41644 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges.
network
low complexity
deltaww CWE-306
8.8
8.8
2022-10-31 CVE-2022-41688 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups.
network
low complexity
deltaww
7.5
7.5
2022-10-31 CVE-2022-41776 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml.
network
low complexity
deltaww
7.5
7.5
2022-10-27 CVE-2022-40967 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-41133 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-10-27 CVE-2022-41773 SQL Injection vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud.
network
low complexity
deltaww CWE-89
8.8
8.8
2022-08-31 CVE-2022-1404 Unspecified vulnerability in Deltaww Cncsoft 1.00.83/1.01.30
Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.
local
low complexity
deltaww
7.1
7.1
2022-08-31 CVE-2022-1405 Unspecified vulnerability in Deltaww Cncsoft 1.00.83/1.01.30
CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition.
local
low complexity
deltaww
7.8
7.8