Filtered by vendor Deltaww
Subscribe
Total
212 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41629 | 1 Deltaww | 1 Infrasuite Device Master | 2023-12-10 | N/A | 9.1 CRITICAL |
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords. | |||||
CVE-2022-41702 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | N/A | 5.4 MEDIUM |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | |||||
CVE-2022-41776 | 1 Deltaww | 1 Infrasuite Device Master | 2023-12-10 | N/A | 7.5 HIGH |
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords. | |||||
CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | N/A | 9.8 CRITICAL |
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | N/A | 9.8 CRITICAL |
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
CVE-2022-40965 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | N/A | 5.4 MEDIUM |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | |||||
CVE-2022-0923 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-1403 | 1 Deltaww | 1 Asda Soft | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. | |||||
CVE-2022-33005 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | |||||
CVE-2022-1376 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-0988 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. | |||||
CVE-2022-1369 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-26836 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-1378 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-26349 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2021-32969 | 1 Deltaww | 1 Diascreen | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | |||||
CVE-2022-26667 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-26059 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-1372 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-26065 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. |