Vulnerabilities > Deltaww > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-14 | CVE-2022-42139 | OS Command Injection vulnerability in Deltaww Dvw-W02W2-E2 Firmware 2.42 Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. | 8.8 |
| 2022-12-14 | CVE-2022-42140 | OS Command Injection vulnerability in Deltaww Dx-2100-L1-Cn Firmware 1.5.0.10 Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. | 7.2 |
| 2022-12-13 | CVE-2022-2660 | Use of Hard-coded Credentials vulnerability in Deltaww Dialink 1.2.4.0 Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. | 7.5 |
| 2022-12-01 | CVE-2022-2969 | Unspecified vulnerability in Deltaww Dialink 1.2.4.0/1.5.0.0 Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. | 7.5 |
| 2022-11-17 | CVE-2022-41775 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
| 2022-11-17 | CVE-2022-43447 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
| 2022-11-17 | CVE-2022-43452 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
| 2022-11-17 | CVE-2022-43457 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
| 2022-11-17 | CVE-2022-43506 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
| 2022-10-31 | CVE-2022-41644 | Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. | 8.8 |