VYPR

DIAEnergy

by Delta Electronics

CVEs (82)

  • CVE-2024-4548CriMay 6, 2024
    risk 0.69cvss 9.8epss 0.29

    An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth…

  • CVE-2021-32955CriAug 30, 2021
    risk 0.67cvss 9.8epss 0.37

    Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.

  • CVE-2022-43775CriOct 26, 2022
    risk 0.65cvss 9.8epss 0.21

    The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.

  • CVE-2022-1378CriMay 2, 2022
    risk 0.65cvss 9.8epss 0.19

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1367CriMay 2, 2022
    risk 0.65cvss 9.8epss 0.21

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1366CriMay 2, 2022
    risk 0.65cvss 9.8epss 0.19

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-25347CriMar 29, 2022
    risk 0.65cvss 9.8epss 0.11

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

  • CVE-2021-38393CriAug 30, 2021
    risk 0.65cvss 9.8epss 0.20

    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as…

  • CVE-2021-38390CriAug 30, 2021
    risk 0.65cvss 9.8epss 0.20

    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as…

  • CVE-2024-43699CriOct 3, 2024
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.

  • CVE-2024-4547CriMay 6, 2024
    risk 0.64cvss 9.8epss 0.02

    A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the…

  • CVE-2022-43774CriOct 26, 2022
    risk 0.64cvss 9.8epss 0.01

    The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.

  • CVE-2022-3214CriSep 16, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to  1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer…

  • CVE-2022-1377CriMay 2, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1376CriMay 2, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1375CriMay 2, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1374CriMay 2, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1372CriMay 2, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1371CriMay 2, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1370CriMay 2, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Page 1 of 5