CVE-2024-4548

CVE-2024-4548 concerns a SQL injection in Delta Electronics DIAEnergie prior to and including v1.10.1.8610, triggered when CEBC.exe processes a RecalculateHDMWYC message split into four fields by the ~ separator; the attacker can inject via the fourth field. The vulnerability is unauthenticated a...

CVE-2024-4548 Delta Electronics DIAEnergie SQL Injection

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...

CVE-2024-4547 Delta Electronics DIAEnergie Unauthenticated SQL Injection

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...

CVE-2024-4547 Delta Electronics DIAEnergie Unauthenticated SQL Injection

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...

CVE-2024-4547

CVE-2024-4547 affects Delta Electronics DIAEnergie, versions 1.10.1.8610 and earlier. The vulnerability arises when CEBC.exe processes a 'RecalculateScript' message that is split into four fields by the '~' separator; the attacker can perform unauthenticated SQL injection via the fourth field. Do...

Delta Electronics DIAEnergie GetDIACloudList SQL Injection Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. Delta Electronics DIAEnergie GetDIACloudList suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end...

Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...

Delta Electronics DIAEnergie Path Traversal Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. A path traversal vulnerability exists in Delta Electronics DIAEnergie, which can be exploited by an attacker to write an arbitrary file on the system by sending a specially crafted URL...

PT-2024-31657 · Delta Electronics · Diaenergie

Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAEnergie versions 1.10.1.8610 and prior Description: A vulnerability exists when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '' character as the separator. An unauthenticated...

PT-2024-31655 · Delta Electronics · Diaenergie

Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAEnergie versions 1.10.1.8610 and prior Description: A SQL injection vulnerability exists when CEBC.exe processes a 'RecalculateScript' message, which is split into 4 fields using the '' character as the separator. An...

Delta Electronics DIAEnergie 安全漏洞

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. A denial of service vulnerability exists in Delta Electronics DIAEnergie, which originates from CEBC.exe restarting the system when processing ICS Restart messages. An attacker could...

Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. A SQL injection vulnerability exists in Delta Electronics DIAEnergie. An attacker can use this vulnerability to view, add, modify, or delete information in the back-end database...

CVE-2024-34032

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed...

CVE-2024-34033

Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten...

CVE-2024-34032

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed...

CVE-2024-34031

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script HandlerCFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed...

CVE-2024-34031

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script HandlerCFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed...

CVE-2024-34033 Path Traversal vulnerability in Delta Electronics DIAEnergie

Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten...

CVE-2024-34033

Delta Electronics DIAEnergie is affected by a Path Traversal (CWE-22) due to insufficient input validation, allowing an attacker to write files outside the intended directory. Public references indicate affected DIAEnergie versions include v1.10.00.005, with remediation available in v1.10.01.004....

CVE-2024-34031

Delta Electronics DIAEnergie is vulnerable to an SQL injection in Handler_CFG.ashx (CVE-2024-34031). Affected product: DIAEnergie; version cited by ICS is v1.10.00.005. The root cause is improper neutralization of SQL commands in the endpoint, leading to potential system compromise when exploited...