Lucene search

K
DeltawwDiaenergie

10 matches found

CVE
CVE
added 2022/03/29 5:15 p.m.103 views

CVE-2022-0923

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

9.8CVSS9.8AI score0.00207EPSS
CVE
CVE
added 2022/03/29 5:15 p.m.89 views

CVE-2022-25347

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

9.8CVSS7.7AI score0.00804EPSS
CVE
CVE
added 2022/09/16 7:15 p.m.72 views

CVE-2022-3214

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing r...

9.8CVSS9.7AI score0.03101EPSS
CVE
CVE
added 2024/04/01 4:15 p.m.57 views

CVE-2024-25574

SQL injection vulnerability exists in GetDIAE_usListParameters.

9.8CVSS8.8AI score0.01887EPSS
CVE
CVE
added 2021/08/30 6:15 p.m.53 views

CVE-2021-32955

Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.

9.8CVSS9.4AI score0.00567EPSS
CVE
CVE
added 2024/10/03 11:15 p.m.49 views

CVE-2024-43699

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.

9.8CVSS9.9AI score0.00427EPSS
CVE
CVE
added 2024/05/06 2:15 p.m.45 views

CVE-2024-4547

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field

9.8CVSS7.1AI score0.01055EPSS
CVE
CVE
added 2024/05/06 2:15 p.m.43 views

CVE-2024-4548

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.

9.8CVSS7.1AI score0.43849EPSS
CVE
CVE
added 2022/10/26 6:15 p.m.42 views

CVE-2022-43774

The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.

9.8CVSS9.8AI score0.0018EPSS
CVE
CVE
added 2022/10/26 6:15 p.m.39 views

CVE-2022-43775

The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.

9.8CVSS9.8AI score0.07493EPSS