Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Deltaww Subscribe
Total 170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41773 1 Deltaww 1 Diaenergie 2022-10-28 N/A 8.8 HIGH
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
CVE-2022-43775 1 Deltaww 1 Diaenergie 2022-10-27 N/A 9.8 CRITICAL
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
CVE-2022-43774 1 Deltaww 1 Diaenergie 2022-10-27 N/A 9.8 CRITICAL
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
CVE-2020-16223 1 Deltaww 1 Tpeditor 2022-09-29 6.8 MEDIUM 7.8 HIGH
Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16225 1 Deltaww 1 Tpeditor 2022-09-29 6.8 MEDIUM 7.8 HIGH
Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16219 1 Deltaww 1 Tpeditor 2022-09-29 6.8 MEDIUM 7.8 HIGH
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16221 1 Deltaww 1 Tpeditor 2022-09-29 6.8 MEDIUM 7.8 HIGH
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2022-3214 1 Deltaww 1 Diaenergie 2022-09-21 N/A 9.8 CRITICAL
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Version 1.8.0 and prior have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.
CVE-2022-1404 1 Deltaww 1 Cncsoft 2022-09-07 N/A 7.1 HIGH
Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.
CVE-2022-1405 1 Deltaww 1 Cncsoft 2022-09-04 N/A 7.8 HIGH
CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition.
CVE-2022-2759 1 Deltaww 1 Delta Robot Automation Studio 2022-09-02 N/A 8.6 HIGH
Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host.
CVE-2022-33005 1 Deltaww 1 Diaenergie 2022-07-06 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field.
CVE-2021-32967 1 Deltaww 1 Diaenergie 2022-07-02 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.
CVE-2022-26338 1 Deltaww 1 Diaenergie 2022-06-29 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26887 1 Deltaww 1 Diaenergie 2022-06-29 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26666 1 Deltaww 1 Diaenergie 2022-06-29 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26065 1 Deltaww 1 Diaenergie 2022-06-29 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-25880 1 Deltaww 1 Diaenergie 2022-06-29 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2021-32969 1 Deltaww 1 Diascreen 2022-06-07 6.8 MEDIUM 7.8 HIGH
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.
CVE-2021-32965 1 Deltaww 1 Diascreen 2022-06-07 6.8 MEDIUM 7.8 HIGH
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.