Filtered by vendor Deltaww
Total
240 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-34347 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 9.8 Critical |
Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain classes that cannot be deserialized, which could allow an attacker to remotely execute arbitrary code. | ||||
CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
SQL injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network. | ||||
CVE-2022-3214 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. | ||||
CVE-2022-33005 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | ||||
CVE-2021-44544 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 High |
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. | ||||
CVE-2021-44471 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 High |
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | ||||
CVE-2021-43982 | 1 Deltaww | 1 Cncsoft | 2024-11-21 | 7.8 High |
Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | ||||
CVE-2021-38488 | 1 Deltaww | 1 Dialink | 2024-11-21 | 5.5 Medium |
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code. | ||||
CVE-2021-38428 | 1 Deltaww | 1 Dialink | 2024-11-21 | 5.5 Medium |
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code. | ||||
CVE-2021-38424 | 1 Deltaww | 1 Dialink | 2024-11-21 | 5.9 Medium |
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when the data is opened with a spreadsheet application. | ||||
CVE-2021-38422 | 1 Deltaww | 1 Dialink | 2024-11-21 | 7.8 High |
Delta Electronics DIALink versions 1.2.4.0 and prior store sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. | ||||
CVE-2021-38420 | 1 Deltaww | 1 Dialink | 2024-11-21 | 7.8 High |
Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | ||||
CVE-2021-38418 | 1 Deltaww | 1 Dialink | 2024-11-21 | 8.8 High |
Delta Electronics DIALink versions 1.2.4.0 and prior run by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization. | ||||
CVE-2021-38416 | 1 Deltaww | 1 Dialink | 2024-11-21 | 7.8 High |
Delta Electronics DIALink versions 1.2.4.0 and prior insecurely load libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. | ||||
CVE-2021-38411 | 1 Deltaww | 1 Dialink | 2024-11-21 | 5.5 Medium |
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code. | ||||
CVE-2021-38407 | 1 Deltaww | 1 Dialink | 2024-11-21 | 5.5 Medium |
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code. | ||||
CVE-2021-38403 | 1 Deltaww | 1 Dialink | 2024-11-21 | 5.5 Medium |
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code. | ||||
CVE-2021-38393 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | ||||
CVE-2021-38391 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | ||||
CVE-2021-38390 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. |