Diaenergie@* Security Vulnerabilities and Issues — Diaenergie@* CVE List

Lucene search

DeltawwDiaenergie*

65 matches found

CVE•added 2022/04/01 11:15 p.m.•130 views

CVE-2022-1098

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges

7.8CVSS7.8AI score0.00044EPSS

CVE•added 2022/03/29 5:15 p.m.•128 views

CVE-2022-26338

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2022/03/29 5:15 p.m.•103 views

CVE-2022-0923

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2022/03/29 5:15 p.m.•98 views

CVE-2022-26013

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00643EPSS

CVE•added 2022/03/29 5:15 p.m.•95 views

CVE-2022-26839

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.

7.8CVSS7.7AI score0.00043EPSS

CVE•added 2022/05/02 7:15 p.m.•91 views

CVE-2022-1367

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.7AI score0.00425EPSS

CVE•added 2022/05/02 7:15 p.m.•90 views

CVE-2022-1377

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.7AI score0.00217EPSS

CVE•added 2022/03/29 5:15 p.m.•89 views

CVE-2022-25347

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

9.8CVSS7.7AI score0.00804EPSS

CVE•added 2022/03/29 5:15 p.m.•89 views

CVE-2022-27175

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2022/03/29 5:15 p.m.•88 views

CVE-2022-26065

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2022/03/29 5:15 p.m.•87 views

CVE-2022-26349

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2022/05/02 7:15 p.m.•83 views

CVE-2022-1376

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.6AI score0.00217EPSS

CVE•added 2022/03/25 7:15 p.m.•82 views

CVE-2022-0988

Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.

7.5CVSS7.1AI score0.00128EPSS

CVE•added 2022/03/29 5:15 p.m.•81 views

CVE-2022-25880

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2022/03/29 5:15 p.m.•78 views

CVE-2022-26514

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2022/05/02 7:15 p.m.•76 views

CVE-2022-1375

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.7AI score0.00217EPSS

CVE•added 2022/03/29 5:15 p.m.•76 views

CVE-2022-25980

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2022/05/02 7:15 p.m.•75 views

CVE-2022-1369

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.7AI score0.00217EPSS

CVE•added 2022/05/02 7:15 p.m.•74 views

CVE-2022-1371

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.7AI score0.00217EPSS

CVE•added 2022/03/29 5:15 p.m.•74 views

CVE-2022-26836

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2022/03/29 5:15 p.m.•73 views

CVE-2022-26666

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2022/09/16 7:15 p.m.•72 views

CVE-2022-3214

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing r...

9.8CVSS9.7AI score0.03101EPSS

CVE•added 2022/05/02 6:15 p.m.•70 views

CVE-2022-1366

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.7AI score0.005EPSS

CVE•added 2022/05/02 7:15 p.m.•70 views

CVE-2022-1372

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.7AI score0.00217EPSS

CVE•added 2022/03/29 5:15 p.m.•69 views

CVE-2022-26667

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2022/03/29 5:15 p.m.•68 views

CVE-2022-26887

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00403EPSS

CVE•added 2022/05/02 7:15 p.m.•65 views

CVE-2022-1370

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.6AI score0.00217EPSS

CVE•added 2021/08/30 6:15 p.m.•64 views

CVE-2021-38391

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A rem...

10CVSS9.8AI score0.01066EPSS

CVE•added 2022/05/02 7:15 p.m.•64 views

CVE-2022-1378

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.7AI score0.00403EPSS

CVE•added 2022/03/29 5:15 p.m.•64 views

CVE-2022-26059

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2022/05/02 7:15 p.m.•60 views

CVE-2022-1374

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.7AI score0.00217EPSS

CVE•added 2022/03/29 5:15 p.m.•59 views

CVE-2022-26069

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

10CVSS9.8AI score0.00217EPSS

CVE•added 2024/04/01 4:15 p.m.•57 views

CVE-2024-25574

SQL injection vulnerability exists in GetDIAE_usListParameters.

9.8CVSS8.8AI score0.01887EPSS

CVE•added 2022/11/17 11:15 p.m.•55 views

CVE-2022-43506

SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

8.8CVSS9.1AI score0.00059EPSS

CVE•added 2021/08/30 6:15 p.m.•53 views

CVE-2021-32955

Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.

9.8CVSS9.4AI score0.00567EPSS

CVE•added 2022/10/27 9:15 p.m.•51 views

CVE-2022-41651

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.

8.7CVSS5.9AI score0.04306EPSS

CVE•added 2022/10/27 9:15 p.m.•49 views

CVE-2022-41773

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

8.8CVSS8.9AI score0.0221EPSS

CVE•added 2024/10/03 11:15 p.m.•49 views

CVE-2024-43699

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.

9.8CVSS9.9AI score0.00612EPSS

CVE•added 2021/12/22 7:15 p.m.•48 views

CVE-2021-23228

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.

7.5CVSS6.3AI score0.00156EPSS

CVE•added 2021/08/30 6:15 p.m.•48 views

CVE-2021-38390

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. ...

10CVSS9.8AI score0.01647EPSS

CVE•added 2021/08/30 6:15 p.m.•47 views

CVE-2021-38393

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A...

10CVSS9.8AI score0.01647EPSS

CVE•added 2024/03/21 10:15 p.m.•47 views

CVE-2024-25937

SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.

8.8CVSS8.8AI score0.01185EPSS

CVE•added 2021/08/30 6:15 p.m.•46 views

CVE-2021-32983

A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A re...

10CVSS9.8AI score0.01976EPSS

CVE•added 2022/10/27 9:15 p.m.•46 views

CVE-2022-41133

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

8.8CVSS8.9AI score0.01741EPSS

CVE•added 2024/03/21 10:15 p.m.•46 views

CVE-2024-28029

Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.

8.8CVSS8.7AI score0.00017EPSS

CVE•added 2022/11/17 11:15 p.m.•45 views

CVE-2022-41775

SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

8.8CVSS9.1AI score0.00059EPSS

CVE•added 2024/05/06 2:15 p.m.•45 views

CVE-2024-4547

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field

9.8CVSS7.1AI score0.01055EPSS

CVE•added 2024/05/06 2:15 p.m.•45 views

CVE-2024-4549

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.

7.5CVSS6.7AI score0.00079EPSS

CVE•added 2021/12/22 7:15 p.m.•44 views

CVE-2021-44471

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.

7.5CVSS6.6AI score0.0044EPSS

CVE•added 2022/11/17 11:15 p.m.•44 views

CVE-2022-43452

SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

8.8CVSS9.1AI score0.01288EPSS

Total number of security vulnerabilities65