Lucene search

K

65 matches found

CVE
CVE
added 2021/08/30 6:15 p.m.43 views

CVE-2021-32967

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.

10CVSS9.2AI score0.00259EPSS
CVE
CVE
added 2021/08/30 6:15 p.m.43 views

CVE-2021-33003

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.

5.5CVSS5.3AI score0.00028EPSS
CVE
CVE
added 2022/10/27 9:15 p.m.43 views

CVE-2022-41555

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.

8.7CVSS5.9AI score0.04306EPSS
CVE
CVE
added 2024/05/06 2:15 p.m.43 views

CVE-2024-4548

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.

9.8CVSS7.1AI score0.43849EPSS
CVE
CVE
added 2021/08/30 6:15 p.m.41 views

CVE-2021-32991

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.

4.3CVSS4.5AI score0.00092EPSS
CVE
CVE
added 2022/11/17 11:15 p.m.41 views

CVE-2022-43447

SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

8.8CVSS9.1AI score0.00059EPSS
CVE
CVE
added 2022/10/27 9:15 p.m.40 views

CVE-2022-40967

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

8.8CVSS8.9AI score0.02972EPSS
CVE
CVE
added 2022/10/27 9:15 p.m.40 views

CVE-2022-41702

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.

8.7CVSS5.9AI score0.05669EPSS
CVE
CVE
added 2022/10/27 9:15 p.m.38 views

CVE-2022-40965

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.

8.7CVSS5.9AI score0.04306EPSS
CVE
CVE
added 2021/12/22 7:15 p.m.36 views

CVE-2021-44544

DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.

7.5CVSS6.8AI score0.00209EPSS
CVE
CVE
added 2022/10/27 9:15 p.m.36 views

CVE-2022-41701

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.

8.7CVSS5.9AI score0.05669EPSS
CVE
CVE
added 2022/11/17 11:15 p.m.36 views

CVE-2022-43457

SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

8.8CVSS9.1AI score0.00059EPSS
CVE
CVE
added 2021/12/22 7:15 p.m.34 views

CVE-2021-31558

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.

6.5CVSS6.6AI score0.00883EPSS
CVE
CVE
added 2023/02/17 5:15 p.m.34 views

CVE-2023-0822

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.

8.8CVSS8.6AI score0.00027EPSS
CVE
CVE
added 2024/10/03 11:15 p.m.34 views

CVE-2024-42417

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.

8.8CVSS8.9AI score0.00373EPSS
Total number of security vulnerabilities65