3851 matches found
CVE-2021-38488 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code...
CVE-2021-38416 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior insecurely load libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed...
CVE-2021-38416
Delta Electronics DIALink vulnerable to DLL hijacking due to insecure loading of libraries in version 1.2.4.0 and earlier, enabling potential system takeover on the installed software. Affected product: DIALink industrial automation server. Root cause: uncontrolled search path element loading lib...
CVE-2021-38428
Delta Electronics DIALink
CVE-2021-38428 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code...
CVE-2021-38420
Summary of CVE-2021-38420 (Delta Electronics DIALink): The ICS advisory and multiple sources confirm a vulnerability in DIALink versions 1.2.4.0 and earlier caused by incorrect default permissions. This grants extensive privileges to low-privileged user accounts, enabling an attacker to modify...
CVE-2021-38420 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files...
CVE-2021-38407 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code...
CVE-2021-38407
CVE-2021-38407 affects Delta Electronics DIALink (versions 1.2.4.0 and earlier). The vulnerability is a cross-site scripting flaw in the API devices name parameter that can be exploited by an authenticated attacker to inject arbitrary JavaScript, with potential to remotely execute code. Public ex...
CVE-2021-38424
Delta Electronics DIALink (server) versions 1.2.4.0 and earlier are affected by CVE-2021-38424 via the tag interface, where an attacker can inject formulas into tag data that may execute when opened in a spreadsheet application. The impact is the potential execution of injected formulas (data/tam...
CVE-2021-38424 Delta Electronics DIALink
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when the data is opened with a spreadsheet application...
CVE-2021-38403 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code...
CVE-2021-38403
CVE-2021-38403 affects Delta Electronics DIALink (versions 1.2.4.0 and earlier). The vulnerability is a cross-site scripting flaw where an authenticated attacker can inject arbitrary JavaScript into the supplier parameter of the API maintenance, potentially enabling remote code execution. Connect...
CVE-2021-38422
Delta Electronics DIALink is affected in versions 1.2.4.0 and earlier by CVE-2021-38422, which stores sensitive information in cleartext, potentially granting an attacker extensive access to the application directory and privilege escalation. The CVSS v3 base score is 7.8 (HIGH) with LOCAL attack...
CVE-2021-38422 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior store sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges...
CVE-2021-38418 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior run by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization...
CVE-2021-38418
Delta Electronics DIALink (versions 1.2.4.0 and earlier) runs by default over HTTP, enabling potential machine-in-the-middle access to sensitive information. The CVE-2021-38418 issue is classified as high risk (CISA says 8.8/3.1) due to cleartext transmission of sensitive data. Affected component...
CVE-2021-38411
CVE-2021-38411 affects Delta Electronics DIALink (versions 1.2.4.0 and prior). The flaw is a Cross‑Site Scripting (XSS) in the API endpoint modbusWriter-Reader, where an authenticated attacker can inject arbitrary JavaScript code into the deviceName parameter, potentially enabling remote code exe...
CVE-2021-38411 Delta Electronics DIALink
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code...
Sensormatic Electronics VideoEdge
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. Equipment: VideoEdge Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...