VYPR

Vendor CVEs

Delta Electronics

All CVEs

287 total · sorted by risk
  • CVE-2025-58319Sep 24, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

  • CVE-2025-58317Sep 24, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

  • CVE-2025-58320Sep 11, 2025
    risk 0.00cvss epss 0.13

    Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.

  • CVE-2025-58321Sep 11, 2025
    risk 0.00cvss epss 0.01

    Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.

  • CVE-2025-57703Aug 18, 2025
    risk 0.00cvss epss 0.00

    DIAEnergie - Reflected Cross-site Scripting

  • CVE-2025-57702Aug 18, 2025
    risk 0.00cvss epss 0.00

    DIAEnergie - Reflected Cross-site Scripting

  • CVE-2025-57701Aug 18, 2025
    risk 0.00cvss epss 0.00

    DIAEnergie - Reflected Cross-site Scripting

  • CVE-2025-57700Aug 18, 2025
    risk 0.00cvss epss 0.00

    DIAEnergie - Stored Cross-site Scripting

  • CVE-2025-47728Jun 4, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

  • CVE-2025-47727Jun 4, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

  • CVE-2025-47726Jun 4, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

  • CVE-2025-47725Jun 4, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

  • CVE-2025-47724Jun 4, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

  • CVE-2025-4125Apr 30, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.

  • CVE-2025-4124Apr 30, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.

  • CVE-2025-22884Apr 30, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

  • CVE-2025-22883Apr 30, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

  • CVE-2025-22882Apr 30, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.

  • CVE-2025-22881Feb 26, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the…

  • CVE-2025-22880Feb 7, 2025
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the…

  • CVE-2024-12836Dec 30, 2024
    risk 0.00cvss epss 0.00

    Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this…

  • CVE-2024-12835Dec 30, 2024
    risk 0.00cvss epss 0.00

    Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this…

  • CVE-2024-12834Dec 30, 2024
    risk 0.00cvss epss 0.00

    Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this…

  • CVE-2024-39354Nov 11, 2024
    risk 0.00cvss epss 0.00

    If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.

  • CVE-2024-39605Nov 11, 2024
    risk 0.00cvss epss 0.03

    If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.

  • CVE-2024-47131Nov 11, 2024
    risk 0.00cvss epss 0.00

    If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code.

  • CVE-2024-47966Oct 10, 2024
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

  • CVE-2024-47965Oct 10, 2024
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the…

  • CVE-2024-47964Oct 10, 2024
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of…

  • CVE-2024-47963Oct 10, 2024
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the…

  • CVE-2024-47962Oct 10, 2024
    risk 0.00cvss epss 0.03

    Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the…

  • CVE-2024-43699Oct 3, 2024
    risk 0.00cvss epss 0.01

    Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.

  • CVE-2024-8255Aug 29, 2024
    risk 0.00cvss epss 0.01

    Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.

  • CVE-2024-7502Aug 6, 2024
    risk 0.00cvss epss 0.00

    A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.

  • CVE-2024-39883Jul 9, 2024
    risk 0.00cvss epss 0.01

    Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the…

  • CVE-2024-39882Jul 9, 2024
    risk 0.00cvss epss 0.01

    Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of…

  • CVE-2024-39881Jul 9, 2024
    risk 0.00cvss epss 0.01

    Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current…

  • CVE-2024-39880Jul 9, 2024
    risk 0.00cvss epss 0.01

    Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the…

  • CVE-2024-4549May 6, 2024
    risk 0.00cvss epss 0.01

    A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.

  • CVE-2024-4547May 6, 2024
    risk 0.00cvss epss 0.02

    A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the…

  • CVE-2024-34033May 3, 2024
    risk 0.00cvss epss 0.01

    Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.…

  • CVE-2024-34031May 3, 2024
    risk 0.00cvss epss 0.01

    Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.

  • CVE-2024-34032May 3, 2024
    risk 0.00cvss epss 0.09

    Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.

  • CVE-2024-4192Apr 30, 2024
    risk 0.00cvss epss 0.00

    Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

  • CVE-2024-25574Apr 1, 2024
    risk 0.00cvss epss 0.09

    SQL injection vulnerability exists in GetDIAE_usListParameters.

  • CVE-2024-28045Mar 21, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of input within the affected product could lead to cross-site scripting.

  • CVE-2024-25567Mar 21, 2024
    risk 0.00cvss epss 0.01

    Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.

  • CVE-2024-28171Mar 21, 2024
    risk 0.00cvss epss 0.01

    It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.

  • CVE-2024-23494Mar 21, 2024
    risk 0.00cvss epss 0.08

    SQL injection vulnerability exists in GetDIAE_unListParameters.

  • CVE-2024-23975Mar 21, 2024
    risk 0.00cvss epss 0.08

    SQL injection vulnerability exists in GetDIAE_slogListParameters.

Page 2 of 6