130 matches found
Design/Logic Flaw
Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges...
Cross site scripting
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code...
Authorization
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization...
Cross site scripting
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code...
Cross site scripting
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code...
Code injection
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application...
CVE-2021-38488 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code...
CVE-2021-38488
Delta Electronics DIALink vulnerable to Cross-Site Scripting (XSS) in API events: authenticated adversaries can inject arbitrary JavaScript into the comment parameter of events, potentially enabling remote code execution. Affected product: DIALink server, versions 1.2.4.0 and earlier. Root cause:...
CVE-2021-38416 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed...
CVE-2021-38416
Delta Electronics DIALink vulnerable to DLL hijacking due to insecure loading of libraries in version 1.2.4.0 and earlier, enabling potential system takeover on the installed software. Affected product: DIALink industrial automation server. Root cause: uncontrolled search path element loading lib...
CVE-2021-38428 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code...
CVE-2021-38428
Delta Electronics DIALink
CVE-2021-38420
Summary of CVE-2021-38420 (Delta Electronics DIALink) : The ICS advisory and multiple sources confirm an vulnerability in DIALink versions 1.2.4.0 and earlier caused by incorrect default permissions . This grants extensive privileges to low-privileged user accounts, enabling an attacker to modify...
CVE-2021-38420 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files...
CVE-2021-38407 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code...
CVE-2021-38407
CVE-2021-38407 affects Delta Electronics DIALink (versions 1.2.4.0 and earlier). The vulnerability is a cross-site scripting flaw in the API devices name parameter that can be exploited by an authenticated attacker to inject arbitrary JavaScript, with potential to remotely execute code. Public ex...
CVE-2021-38424 Delta Electronics DIALink
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application...
CVE-2021-38424
Delta Electronics DIALink (server) versions 1.2.4.0 and earlier are affected by CVE-2021-38424 via the tag interface, where an attacker can inject formulas into tag data that may execute when opened in a spreadsheet application. The impact is the potential execution of injected formulas (data/tam...
CVE-2021-38403 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code...
CVE-2021-38403
CVE-2021-38403 affects Delta Electronics DIALink (versions 1.2.4.0 and earlier). The vulnerability is a cross-site scripting flaw where an authenticated attacker can inject arbitrary JavaScript into the supplier parameter of the API maintenance, potentially enabling remote code execution. Connect...