Lucene search
+L

130 matches found

Prion
Prion
added 2021/11/03 8:15 p.m.15 views

Design/Logic Flaw

Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges...

4.6CVSS7.5AI score0.00166EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/11/03 8:15 p.m.17 views

Cross site scripting

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code...

3.5CVSS5.5AI score0.00604EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/11/03 8:15 p.m.11 views

Authorization

Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization...

4.3CVSS6AI score0.00534EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/11/03 8:15 p.m.16 views

Cross site scripting

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code...

3.5CVSS5.5AI score0.11431EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/11/03 8:15 p.m.11 views

Cross site scripting

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code...

3.5CVSS5.5AI score0.00604EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/11/03 8:15 p.m.17 views

Code injection

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application...

6.8CVSS7.5AI score0.00479EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/03 7:5 p.m.16 views

CVE-2021-38488 Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code...

5.5CVSS5.6AI score0.12337EPSS
Exploits0References1
CVE
CVE
added 2021/11/03 7:5 p.m.53 views

CVE-2021-38488

Delta Electronics DIALink vulnerable to Cross-Site Scripting (XSS) in API events: authenticated adversaries can inject arbitrary JavaScript into the comment parameter of events, potentially enabling remote code execution. Affected product: DIALink server, versions 1.2.4.0 and earlier. Root cause:...

5.5CVSS5.4AI score0.12337EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/03 7:5 p.m.17 views

CVE-2021-38416 Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed...

7.8CVSS7.8AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2021/11/03 7:5 p.m.48 views

CVE-2021-38416

Delta Electronics DIALink vulnerable to DLL hijacking due to insecure loading of libraries in version 1.2.4.0 and earlier, enabling potential system takeover on the installed software. Affected product: DIALink industrial automation server. Root cause: uncontrolled search path element loading lib...

7.8CVSS7.8AI score0.00246EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/03 7:5 p.m.15 views

CVE-2021-38428 Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code...

5.5CVSS5.6AI score0.11431EPSS
Exploits0References1
CVE
CVE
added 2021/11/03 7:5 p.m.44 views

CVE-2021-38428

Delta Electronics DIALink

5.5CVSS5.4AI score0.11431EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/11/03 7:5 p.m.46 views

CVE-2021-38420

Summary of CVE-2021-38420 (Delta Electronics DIALink) : The ICS advisory and multiple sources confirm an vulnerability in DIALink versions 1.2.4.0 and earlier caused by incorrect default permissions . This grants extensive privileges to low-privileged user accounts, enabling an attacker to modify...

7.8CVSS7.8AI score0.00217EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/03 7:5 p.m.19 views

CVE-2021-38420 Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files...

7.8CVSS7.8AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/11/03 7:5 p.m.20 views

CVE-2021-38407 Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code...

5.5CVSS5.6AI score0.00604EPSS
Exploits0References1
CVE
CVE
added 2021/11/03 7:5 p.m.43 views

CVE-2021-38407

CVE-2021-38407 affects Delta Electronics DIALink (versions 1.2.4.0 and earlier). The vulnerability is a cross-site scripting flaw in the API devices name parameter that can be exploited by an authenticated attacker to inject arbitrary JavaScript, with potential to remotely execute code. Public ex...

5.5CVSS5.4AI score0.00604EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/03 7:5 p.m.17 views

CVE-2021-38424 Delta Electronics DIALink

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application...

5.9CVSS7.7AI score0.00479EPSS
Exploits0References1
CVE
CVE
added 2021/11/03 7:5 p.m.42 views

CVE-2021-38424

Delta Electronics DIALink (server) versions 1.2.4.0 and earlier are affected by CVE-2021-38424 via the tag interface, where an attacker can inject formulas into tag data that may execute when opened in a spreadsheet application. The impact is the potential execution of injected formulas (data/tam...

7.8CVSS6.6AI score0.00479EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/03 7:5 p.m.20 views

CVE-2021-38403 Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code...

5.5CVSS5.6AI score0.00604EPSS
Exploits0References1
CVE
CVE
added 2021/11/03 7:5 p.m.42 views

CVE-2021-38403

CVE-2021-38403 affects Delta Electronics DIALink (versions 1.2.4.0 and earlier). The vulnerability is a cross-site scripting flaw where an authenticated attacker can inject arbitrary JavaScript into the supplier parameter of the API maintenance, potentially enabling remote code execution. Connect...

5.5CVSS5.4AI score0.00604EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder