Filtered by vendor Deltaww
Total: 170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 8.8 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2022-10-27 | N/A | 9.8 CRITICAL |
The HICT_Loop class in Delta Electronics DIAEnergie v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2022-10-27 | N/A | 9.8 CRITICAL |
The HandlerPageP_KID class in Delta Electronics DIAEnergie v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
CVE-2020-16223 | 1 Deltaww | 1 Tpeditor | 2022-09-29 | 6.8 MEDIUM | 7.8 HIGH |
Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
CVE-2020-16225 | 1 Deltaww | 1 Tpeditor | 2022-09-29 | 6.8 MEDIUM | 7.8 HIGH |
Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
CVE-2020-16219 | 1 Deltaww | 1 Tpeditor | 2022-09-29 | 6.8 MEDIUM | 7.8 HIGH |
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
CVE-2020-16221 | 1 Deltaww | 1 Tpeditor | 2022-09-29 | 6.8 MEDIUM | 7.8 HIGH |
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
CVE-2022-3214 | 1 Deltaww | 1 Diaenergie | 2022-09-21 | N/A | 9.8 CRITICAL |
Delta Industrial Automation's DIAEnergie, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Version 1.8.0 and prior have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. | |||||
CVE-2022-1404 | 1 Deltaww | 1 Cncsoft | 2022-09-07 | N/A | 7.1 HIGH |
Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | |||||
CVE-2022-1405 | 1 Deltaww | 1 Cncsoft | 2022-09-04 | N/A | 7.8 HIGH |
CNCSoft (all versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. | |||||
CVE-2022-2759 | 1 Deltaww | 1 Delta Robot Automation Studio | 2022-09-02 | N/A | 8.6 HIGH |
Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host. | |||||
CVE-2022-33005 | 1 Deltaww | 1 Diaenergie | 2022-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | |||||
CVE-2021-32967 | 1 Deltaww | 1 Diaenergie | 2022-07-02 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | |||||
CVE-2022-26338 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-26887 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-26666 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-26065 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-25880 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2021-32969 | 1 Deltaww | 1 Diascreen | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | |||||
CVE-2021-32965 | 1 Deltaww | 1 Diascreen | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. |