DIAEnergy
CVEs (73)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28891 | 0.00 | — | 0.01 | Mar 21, 2024 | SQL injection vulnerability exists in the script Handler_CFG.ashx. | |||
| CVE-2024-28029 | 0.00 | — | 0.00 | Mar 21, 2024 | Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. | |||
| CVE-2023-0822 | 0.00 | — | 0.00 | Feb 17, 2023 | The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | |||
| CVE-2022-43506 | 0.00 | — | 0.00 | Nov 17, 2022 | SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||
| CVE-2022-41775 | 0.00 | — | 0.00 | Nov 17, 2022 | SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||
| CVE-2022-43452 | 0.00 | — | 0.01 | Nov 17, 2022 | SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||
| CVE-2022-43457 | 0.00 | — | 0.00 | Nov 17, 2022 | SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||
| CVE-2022-43447 | 0.00 | — | 0.00 | Nov 17, 2022 | SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||
| CVE-2022-41702 | 0.00 | — | 0.00 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | |||
| CVE-2022-41651 | 0.00 | — | 0.00 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | |||
| CVE-2022-41133 | 0.00 | — | 0.00 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||
| CVE-2022-41773 | 0.00 | — | 0.00 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||
| CVE-2022-41701 | 0.00 | — | 0.00 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | |||
| CVE-2022-40967 | 0.00 | — | 0.00 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||
| CVE-2022-41555 | 0.00 | — | 0.00 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | |||
| CVE-2022-40965 | 0.00 | — | 0.00 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | |||
| CVE-2022-43774 | 0.00 | — | 0.01 | Oct 26, 2022 | The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||
| CVE-2022-43775 | 0.00 | — | 0.02 | Oct 26, 2022 | The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||
| CVE-2022-3214 | 0.00 | — | 0.05 | Sep 16, 2022 | Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer… | |||
| CVE-2022-1378 | 0.00 | — | 0.00 | May 2, 2022 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. |
- CVE-2024-28891Mar 21, 2024risk 0.00cvss —epss 0.01
SQL injection vulnerability exists in the script Handler_CFG.ashx.
- CVE-2024-28029Mar 21, 2024risk 0.00cvss —epss 0.00
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
- CVE-2023-0822Feb 17, 2023risk 0.00cvss —epss 0.00
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
- CVE-2022-43506Nov 17, 2022risk 0.00cvss —epss 0.00
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
- CVE-2022-41775Nov 17, 2022risk 0.00cvss —epss 0.00
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
- CVE-2022-43452Nov 17, 2022risk 0.00cvss —epss 0.01
SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
- CVE-2022-43457Nov 17, 2022risk 0.00cvss —epss 0.00
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
- CVE-2022-43447Nov 17, 2022risk 0.00cvss —epss 0.00
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
- CVE-2022-41702Oct 27, 2022risk 0.00cvss —epss 0.00
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
- CVE-2022-41651Oct 27, 2022risk 0.00cvss —epss 0.00
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.
- CVE-2022-41133Oct 27, 2022risk 0.00cvss —epss 0.00
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
- CVE-2022-41773Oct 27, 2022risk 0.00cvss —epss 0.00
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
- CVE-2022-41701Oct 27, 2022risk 0.00cvss —epss 0.00
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.
- CVE-2022-40967Oct 27, 2022risk 0.00cvss —epss 0.00
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
- CVE-2022-41555Oct 27, 2022risk 0.00cvss —epss 0.00
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
- CVE-2022-40965Oct 27, 2022risk 0.00cvss —epss 0.00
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
- CVE-2022-43774Oct 26, 2022risk 0.00cvss —epss 0.01
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
- CVE-2022-43775Oct 26, 2022risk 0.00cvss —epss 0.02
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
- CVE-2022-3214Sep 16, 2022risk 0.00cvss —epss 0.05
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer…
- CVE-2022-1378May 2, 2022risk 0.00cvss —epss 0.00
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Page 2 of 4