DIAEnergy
CVEs (82)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41701 | Hig | 0.57 | 8.7 | 0.11 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | ||
| CVE-2022-41651 | Hig | 0.57 | 8.7 | 0.11 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | ||
| CVE-2022-41555 | Hig | 0.57 | 8.7 | 0.11 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | ||
| CVE-2022-40965 | Hig | 0.57 | 8.7 | 0.11 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | ||
| CVE-2024-28171 | Hig | 0.53 | 8.1 | 0.01 | Mar 21, 2024 | It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten. | ||
| CVE-2024-25567 | Hig | 0.53 | 8.1 | 0.01 | Mar 21, 2024 | Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten. | ||
| CVE-2022-1098 | Hig | 0.51 | 7.8 | 0.00 | Apr 1, 2022 | Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges | ||
| CVE-2022-26839 | Hig | 0.51 | 7.8 | 0.00 | Mar 29, 2022 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. | ||
| CVE-2021-44544 | Hig | 0.50 | 7.5 | 0.09 | Dec 22, 2021 | DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. | ||
| CVE-2024-4549 | Hig | 0.49 | 7.5 | 0.01 | May 6, 2024 | A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system. | ||
| CVE-2021-44471 | Hig | 0.49 | 7.5 | 0.01 | Dec 22, 2021 | DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | ||
| CVE-2021-23228 | Hig | 0.49 | 7.5 | 0.01 | Dec 22, 2021 | DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. | ||
| CVE-2022-0988 | Hig | 0.46 | 7.1 | 0.01 | Mar 25, 2022 | Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. | ||
| CVE-2021-31558 | Med | 0.43 | 6.5 | 0.11 | Dec 22, 2021 | DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”. | ||
| CVE-2025-57703 | Med | 0.40 | 6.1 | 0.00 | Aug 18, 2025 | DIAEnergie - Reflected Cross-site Scripting | ||
| CVE-2025-57702 | Med | 0.40 | 6.1 | 0.00 | Aug 18, 2025 | DIAEnergie - Reflected Cross-site Scripting | ||
| CVE-2025-57701 | Med | 0.40 | 6.1 | 0.00 | Aug 18, 2025 | DIAEnergie - Reflected Cross-site Scripting | ||
| CVE-2025-57700 | Med | 0.40 | 6.1 | 0.00 | Aug 18, 2025 | DIAEnergie - Stored Cross-site Scripting | ||
| CVE-2022-33005 | Med | 0.40 | 6.1 | 0.01 | Jun 27, 2022 | A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | ||
| CVE-2021-33003 | Med | 0.36 | 5.5 | 0.00 | Aug 30, 2021 | Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. |
- risk 0.57cvss 8.7epss 0.11
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.
- risk 0.57cvss 8.7epss 0.11
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.
- risk 0.57cvss 8.7epss 0.11
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
- risk 0.57cvss 8.7epss 0.11
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
- risk 0.53cvss 8.1epss 0.01
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
- risk 0.53cvss 8.1epss 0.01
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.
- risk 0.51cvss 7.8epss 0.00
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges
- risk 0.51cvss 7.8epss 0.00
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.
- risk 0.50cvss 7.5epss 0.09
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.
- risk 0.49cvss 7.5epss 0.01
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
- risk 0.49cvss 7.5epss 0.01
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.
- risk 0.49cvss 7.5epss 0.01
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.
- risk 0.46cvss 7.1epss 0.01
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.
- risk 0.43cvss 6.5epss 0.11
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.
- risk 0.40cvss 6.1epss 0.00
DIAEnergie - Reflected Cross-site Scripting
- risk 0.40cvss 6.1epss 0.00
DIAEnergie - Reflected Cross-site Scripting
- risk 0.40cvss 6.1epss 0.00
DIAEnergie - Reflected Cross-site Scripting
- risk 0.40cvss 6.1epss 0.00
DIAEnergie - Stored Cross-site Scripting
- risk 0.40cvss 6.1epss 0.01
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field.
- risk 0.36cvss 5.5epss 0.00
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.
Page 4 of 5