VYPR

DIAEnergy

by Delta Electronics

CVEs (82)

  • CVE-2022-41701HigOct 27, 2022
    risk 0.57cvss 8.7epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.

  • CVE-2022-41651HigOct 27, 2022
    risk 0.57cvss 8.7epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.

  • CVE-2022-41555HigOct 27, 2022
    risk 0.57cvss 8.7epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.

  • CVE-2022-40965HigOct 27, 2022
    risk 0.57cvss 8.7epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.

  • CVE-2024-28171HigMar 21, 2024
    risk 0.53cvss 8.1epss 0.01

    It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.

  • CVE-2024-25567HigMar 21, 2024
    risk 0.53cvss 8.1epss 0.01

    Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.

  • CVE-2022-1098HigApr 1, 2022
    risk 0.51cvss 7.8epss 0.00

    Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges

  • CVE-2022-26839HigMar 29, 2022
    risk 0.51cvss 7.8epss 0.00

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.

  • CVE-2021-44544HigDec 22, 2021
    risk 0.50cvss 7.5epss 0.09

    DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.

  • CVE-2024-4549HigMay 6, 2024
    risk 0.49cvss 7.5epss 0.01

    A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.

  • CVE-2021-44471HigDec 22, 2021
    risk 0.49cvss 7.5epss 0.01

    DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.

  • CVE-2021-23228HigDec 22, 2021
    risk 0.49cvss 7.5epss 0.01

    DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.

  • CVE-2022-0988HigMar 25, 2022
    risk 0.46cvss 7.1epss 0.01

    Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.

  • CVE-2021-31558MedDec 22, 2021
    risk 0.43cvss 6.5epss 0.11

    DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.

  • CVE-2025-57703MedAug 18, 2025
    risk 0.40cvss 6.1epss 0.00

    DIAEnergie - Reflected Cross-site Scripting

  • CVE-2025-57702MedAug 18, 2025
    risk 0.40cvss 6.1epss 0.00

    DIAEnergie - Reflected Cross-site Scripting

  • CVE-2025-57701MedAug 18, 2025
    risk 0.40cvss 6.1epss 0.00

    DIAEnergie - Reflected Cross-site Scripting

  • CVE-2025-57700MedAug 18, 2025
    risk 0.40cvss 6.1epss 0.00

    DIAEnergie - Stored Cross-site Scripting

  • CVE-2022-33005MedJun 27, 2022
    risk 0.40cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field.

  • CVE-2021-33003MedAug 30, 2021
    risk 0.36cvss 5.5epss 0.00

    Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.

Page 4 of 5