Diaenergie
by Diaenerrgie
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41133 | Hig | 0.59 | 8.8 | 0.27 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||
| CVE-2022-41773 | Hig | 0.58 | 8.8 | 0.08 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||
| CVE-2022-40967 | Hig | 0.58 | 8.8 | 0.08 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||
| CVE-2023-0822 | Hig | 0.57 | 8.8 | 0.01 | Feb 17, 2023 | The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | ||
| CVE-2022-41702 | Hig | 0.57 | 8.7 | 0.11 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | ||
| CVE-2022-41701 | Hig | 0.57 | 8.7 | 0.11 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | ||
| CVE-2022-41651 | Hig | 0.57 | 8.7 | 0.11 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | ||
| CVE-2022-41555 | Hig | 0.57 | 8.7 | 0.11 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | ||
| CVE-2022-40965 | Hig | 0.57 | 8.7 | 0.11 | Oct 27, 2022 | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | ||
| CVE-2022-1098 | Hig | 0.51 | 7.8 | 0.00 | Apr 1, 2022 | Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges | ||
| CVE-2021-44544 | Hig | 0.50 | 7.5 | 0.09 | Dec 22, 2021 | DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. | ||
| CVE-2021-44471 | Hig | 0.49 | 7.5 | 0.01 | Dec 22, 2021 | DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | ||
| CVE-2021-31558 | Med | 0.43 | 6.5 | 0.11 | Dec 22, 2021 | DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”. |
- risk 0.59cvss 8.8epss 0.27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
- risk 0.58cvss 8.8epss 0.08
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
- risk 0.58cvss 8.8epss 0.08
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
- risk 0.57cvss 8.8epss 0.01
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
- risk 0.57cvss 8.7epss 0.11
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
- risk 0.57cvss 8.7epss 0.11
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.
- risk 0.57cvss 8.7epss 0.11
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.
- risk 0.57cvss 8.7epss 0.11
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
- risk 0.57cvss 8.7epss 0.11
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
- risk 0.51cvss 7.8epss 0.00
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges
- risk 0.50cvss 7.5epss 0.09
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.
- risk 0.49cvss 7.5epss 0.01
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.
- risk 0.43cvss 6.5epss 0.11
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.