Diaenergie Security Vulnerabilities and Issues — Diaenergie CVE List

Lucene search

DeltawwDiaenergie

12 matches found

CVE•added 2021/08/30 6:15 p.m.•64 views

CVE-2021-38391

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A rem...

10CVSS9.8AI score0.01066EPSS

CVE•added 2021/08/30 6:15 p.m.•53 views

CVE-2021-32955

Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.

9.8CVSS9.4AI score0.00567EPSS

CVE•added 2021/12/22 7:15 p.m.•48 views

CVE-2021-23228

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.

7.5CVSS6.3AI score0.00156EPSS

CVE•added 2021/08/30 6:15 p.m.•48 views

CVE-2021-38390

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. ...

10CVSS9.8AI score0.01245EPSS

CVE•added 2021/08/30 6:15 p.m.•47 views

CVE-2021-38393

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A...

10CVSS9.8AI score0.01647EPSS

CVE•added 2021/08/30 6:15 p.m.•46 views

CVE-2021-32983

A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A re...

10CVSS9.8AI score0.01976EPSS

CVE•added 2021/12/22 7:15 p.m.•44 views

CVE-2021-44471

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.

7.5CVSS6.6AI score0.0044EPSS

CVE•added 2021/08/30 6:15 p.m.•43 views

CVE-2021-32967

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.

10CVSS9.2AI score0.00259EPSS

CVE•added 2021/08/30 6:15 p.m.•43 views

CVE-2021-33003

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.

5.5CVSS5.3AI score0.00028EPSS

CVE•added 2021/08/30 6:15 p.m.•41 views

CVE-2021-32991

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.

4.3CVSS4.5AI score0.00092EPSS

CVE•added 2021/12/22 7:15 p.m.•36 views

CVE-2021-44544

DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.

7.5CVSS6.8AI score0.00209EPSS

CVE•added 2021/12/22 7:15 p.m.•34 views

CVE-2021-31558

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.

6.5CVSS6.6AI score0.00883EPSS