Diaenergie Security Vulnerabilities and Issues — Page 2 of Diaenergie CVE List

Lucene search

DeltawwDiaenergie

71 matches found

CVE•added 2022/11/17 11:15 p.m.•44 views

CVE-2022-43452

SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

8.8CVSS9.1AI score0.01288EPSS

CVE•added 2021/08/30 6:15 p.m.•43 views

CVE-2021-32967

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.

10CVSS9.2AI score0.00259EPSS

CVE•added 2021/08/30 6:15 p.m.•43 views

CVE-2021-33003

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.

5.5CVSS5.3AI score0.00028EPSS

CVE•added 2022/10/27 9:15 p.m.•43 views

CVE-2022-41555

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.

8.7CVSS5.9AI score0.04306EPSS

CVE•added 2024/05/06 2:15 p.m.•43 views

CVE-2024-4548

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.

9.8CVSS7.1AI score0.43849EPSS

CVE•added 2022/10/26 6:15 p.m.•42 views

CVE-2022-43774

The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.

9.8CVSS9.8AI score0.0018EPSS

CVE•added 2021/08/30 6:15 p.m.•41 views

CVE-2021-32991

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.

4.3CVSS4.5AI score0.00092EPSS

CVE•added 2022/11/17 11:15 p.m.•41 views

CVE-2022-43447

SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

8.8CVSS9.1AI score0.00059EPSS

CVE•added 2022/10/27 9:15 p.m.•40 views

CVE-2022-40967

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

8.8CVSS8.9AI score0.02972EPSS

CVE•added 2022/10/27 9:15 p.m.•40 views

CVE-2022-41702

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.

8.7CVSS5.9AI score0.05669EPSS

CVE•added 2022/10/26 6:15 p.m.•39 views

CVE-2022-43775

The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.

9.8CVSS9.8AI score0.07493EPSS

CVE•added 2022/10/27 9:15 p.m.•38 views

CVE-2022-40965

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.

8.7CVSS5.9AI score0.04306EPSS

CVE•added 2021/12/22 7:15 p.m.•36 views

CVE-2021-44544

DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.

7.5CVSS6.8AI score0.00209EPSS

CVE•added 2022/10/27 9:15 p.m.•36 views

CVE-2022-41701

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.

8.7CVSS5.9AI score0.05669EPSS

CVE•added 2022/11/17 11:15 p.m.•36 views

CVE-2022-43457

SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

8.8CVSS9.1AI score0.00059EPSS

CVE•added 2024/05/03 1:15 a.m.•36 views

CVE-2024-34033

Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.

8.8CVSS6.7AI score0.0015EPSS

CVE•added 2021/12/22 7:15 p.m.•34 views

CVE-2021-31558

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.

6.5CVSS6.6AI score0.00883EPSS

CVE•added 2023/02/17 5:15 p.m.•34 views

CVE-2023-0822

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.

8.8CVSS8.6AI score0.00027EPSS

CVE•added 2024/05/03 1:15 a.m.•34 views

CVE-2024-34031

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.

8.8CVSS7.5AI score0.00043EPSS

CVE•added 2024/05/03 1:15 a.m.•34 views

CVE-2024-34032

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.

8.8CVSS7.5AI score0.00782EPSS

CVE•added 2024/10/03 11:15 p.m.•34 views

CVE-2024-42417

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.

8.8CVSS8.9AI score0.00373EPSS

Total number of security vulnerabilities71