3858 matches found
Path traversal
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system...
CVE-2022-27175 Delta Electronics DIAEnergie SQL Injection in GetCalcTagList
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-27175 Delta Electronics DIAEnergie SQL Injection in GetCalcTagList
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-27175
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) contains a blind SQL injection in GetCalcTagList. The vulnerability allows an attacker to inject arbitrary SQL, retrieve/modify database contents, and execute system commands. Affected product: DIAEnergie; root cause: inadequate inpu...
CVE-2022-26839 Delta Electronics DIAEnergie Incorrect Default Permissions
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files such as DLLs or replace existing executable files...
CVE-2022-26839
CVE-2022-26839 affects Delta Electronics DIAEnergie (all versions before 1.8.02.004). The flaw is an incorrect default permission in the DIAEnergie application that may allow an attacker to plant new files (e.g., DLLs) or replace existing executables. ICS advisory Update C notes fixes in version ...
CVE-2022-26667
Delta Electronics DIAEnergie is affected by a blind SQL injection vulnerability (CVE-2022-26667) in GetDemandAnalysisData for all versions before 1.9. The issue allows an attacker to inject arbitrary SQL, read/modify database contents, and execute system commands. No exploitation details are prov...
CVE-2022-26667 Delta Electronics DIAEnergie SQL Injection in GetDemandAnalysisData
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26667 Delta Electronics DIAEnergie SQL Injection in GetDemandAnalysisData
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26514 Delta Electronics DIAEnergie SQL Injection in DIAE_tagHandler.ashx
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in DIAEtagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26338 Delta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerPagePKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26514
CVE-2022-26514 affects Delta Electronics DIAEnergie (all versions prior to 1.9.0.0). The issue is a blind SQL injection in the DIAE_tagHandler.ashx component, enabling an attacker to inject arbitrary SQL, retrieve/modify database contents, and potentially execute system commands. The vulnerabilit...
CVE-2022-26338 Delta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerPagePKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26514 Delta Electronics DIAEnergie SQL Injection in DIAE_tagHandler.ashx
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in DIAEtagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26338
CVE-2022-26338 affects Delta Electronics DIAEnergie. A blind SQL injection in DIAE_hierarchyHandler.ashx/HandlerPageP_KID.ashx (prior to 1.8.02.004) can enable arbitrary SQL execution, data retrieval/modification, and command execution. Mitigation: upgrade to 1.9 or later; apply network isolation...
CVE-2022-26666
Delta Electronics DIAEnergie (all versions before 1.9) contains a blind SQL injection in HandlerECC.ashx that lets an attacker inject arbitrary SQL, retrieve/modify data, and potentially execute system commands. The CVSS v3.1 base score is 9.8 (CRITICAL), with network access, no authentication, a...
CVE-2022-26666 Delta Electronics DIAEnergie SQL Injection in HandlerDialogECC.ashx
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26666 Delta Electronics DIAEnergie SQL Injection in HandlerDialogECC.ashx
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26887
CVE-2022-26887 affects Delta Electronics DIAEnergie (all versions prior to 1.8.02.004, fixed in 1.9+ per ICS Update C). The vulnerability is a blind SQL injection in DIAE_loopmapHandler.ashx (and related handlers per multiple sources) caused by insufficient validation of external input, enabling ...
CVE-2022-26887 Delta Electronics DIAEnergie SQL Injection in DIAE_HandlerTag_KID.ashx
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEloopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...