VYPR

DIAEnergy

by Delta Electronics

CVEs (82)

  • CVE-2022-1369CriMay 2, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-27175CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26887CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.10

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26836CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26667CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26666CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26514CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26349CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26338CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26069CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26065CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26059CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26013CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.09

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-25980CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-25880CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-0923CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2021-38391CriAug 30, 2021
    risk 0.64cvss 9.8epss 0.03

    A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of…

  • CVE-2021-32983CriAug 30, 2021
    risk 0.64cvss 9.8epss 0.04

    A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part…

  • CVE-2021-32967CriAug 30, 2021
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.

  • CVE-2022-41133HigOct 27, 2022
    risk 0.59cvss 8.8epss 0.27

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

Page 2 of 5