Vendor CVEs
Delta Electronics
All CVEs
287 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58319 | 0.00 | — | 0.00 | Sep 24, 2025 | Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | |||
| CVE-2025-58317 | 0.00 | — | 0.00 | Sep 24, 2025 | Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | |||
| CVE-2025-58320 | 0.00 | — | 0.13 | Sep 11, 2025 | Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability. | |||
| CVE-2025-58321 | 0.00 | — | 0.01 | Sep 11, 2025 | Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability. | |||
| CVE-2025-57703 | 0.00 | — | 0.00 | Aug 18, 2025 | DIAEnergie - Reflected Cross-site Scripting | |||
| CVE-2025-57702 | 0.00 | — | 0.00 | Aug 18, 2025 | DIAEnergie - Reflected Cross-site Scripting | |||
| CVE-2025-57701 | 0.00 | — | 0.00 | Aug 18, 2025 | DIAEnergie - Reflected Cross-site Scripting | |||
| CVE-2025-57700 | 0.00 | — | 0.00 | Aug 18, 2025 | DIAEnergie - Stored Cross-site Scripting | |||
| CVE-2025-47728 | 0.00 | — | 0.00 | Jun 4, 2025 | Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | |||
| CVE-2025-47727 | 0.00 | — | 0.00 | Jun 4, 2025 | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | |||
| CVE-2025-47726 | 0.00 | — | 0.00 | Jun 4, 2025 | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | |||
| CVE-2025-47725 | 0.00 | — | 0.00 | Jun 4, 2025 | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | |||
| CVE-2025-47724 | 0.00 | — | 0.00 | Jun 4, 2025 | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | |||
| CVE-2025-4125 | 0.00 | — | 0.00 | Apr 30, 2025 | Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. | |||
| CVE-2025-4124 | 0.00 | — | 0.00 | Apr 30, 2025 | Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. | |||
| CVE-2025-22884 | 0.00 | — | 0.00 | Apr 30, 2025 | Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. | |||
| CVE-2025-22883 | 0.00 | — | 0.00 | Apr 30, 2025 | Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. | |||
| CVE-2025-22882 | 0.00 | — | 0.00 | Apr 30, 2025 | Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file. | |||
| CVE-2025-22881 | 0.00 | — | 0.00 | Feb 26, 2025 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the… | |||
| CVE-2025-22880 | 0.00 | — | 0.00 | Feb 7, 2025 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the… | |||
| CVE-2024-12836 | 0.00 | — | 0.00 | Dec 30, 2024 | Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this… | |||
| CVE-2024-12835 | 0.00 | — | 0.00 | Dec 30, 2024 | Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this… | |||
| CVE-2024-12834 | 0.00 | — | 0.00 | Dec 30, 2024 | Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this… | |||
| CVE-2024-39354 | 0.00 | — | 0.00 | Nov 11, 2024 | If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code. | |||
| CVE-2024-39605 | 0.00 | — | 0.03 | Nov 11, 2024 | If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code. | |||
| CVE-2024-47131 | 0.00 | — | 0.00 | Nov 11, 2024 | If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code. | |||
| CVE-2024-47966 | 0.00 | — | 0.00 | Oct 10, 2024 | Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | |||
| CVE-2024-47965 | 0.00 | — | 0.00 | Oct 10, 2024 | Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the… | |||
| CVE-2024-47964 | 0.00 | — | 0.00 | Oct 10, 2024 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of… | |||
| CVE-2024-47963 | 0.00 | — | 0.00 | Oct 10, 2024 | Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the… | |||
| CVE-2024-47962 | 0.00 | — | 0.03 | Oct 10, 2024 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the… | |||
| CVE-2024-43699 | 0.00 | — | 0.01 | Oct 3, 2024 | Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. | |||
| CVE-2024-8255 | 0.00 | — | 0.01 | Aug 29, 2024 | Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. | |||
| CVE-2024-7502 | 0.00 | — | 0.00 | Aug 6, 2024 | A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. | |||
| CVE-2024-39883 | 0.00 | — | 0.01 | Jul 9, 2024 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the… | |||
| CVE-2024-39882 | 0.00 | — | 0.01 | Jul 9, 2024 | Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of… | |||
| CVE-2024-39881 | 0.00 | — | 0.01 | Jul 9, 2024 | Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current… | |||
| CVE-2024-39880 | 0.00 | — | 0.01 | Jul 9, 2024 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the… | |||
| CVE-2024-4549 | 0.00 | — | 0.01 | May 6, 2024 | A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system. | |||
| CVE-2024-4547 | 0.00 | — | 0.02 | May 6, 2024 | A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the… | |||
| CVE-2024-34033 | 0.00 | — | 0.01 | May 3, 2024 | Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.… | |||
| CVE-2024-34031 | 0.00 | — | 0.01 | May 3, 2024 | Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. | |||
| CVE-2024-34032 | 0.00 | — | 0.09 | May 3, 2024 | Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. | |||
| CVE-2024-4192 | 0.00 | — | 0.00 | Apr 30, 2024 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||
| CVE-2024-25574 | 0.00 | — | 0.09 | Apr 1, 2024 | SQL injection vulnerability exists in GetDIAE_usListParameters. | |||
| CVE-2024-28045 | 0.00 | — | 0.00 | Mar 21, 2024 | Improper neutralization of input within the affected product could lead to cross-site scripting. | |||
| CVE-2024-25567 | 0.00 | — | 0.01 | Mar 21, 2024 | Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten. | |||
| CVE-2024-28171 | 0.00 | — | 0.01 | Mar 21, 2024 | It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten. | |||
| CVE-2024-23494 | 0.00 | — | 0.08 | Mar 21, 2024 | SQL injection vulnerability exists in GetDIAE_unListParameters. | |||
| CVE-2024-23975 | 0.00 | — | 0.08 | Mar 21, 2024 | SQL injection vulnerability exists in GetDIAE_slogListParameters. |
- CVE-2025-58319Sep 24, 2025risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
- CVE-2025-58317Sep 24, 2025risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
- CVE-2025-58320Sep 11, 2025risk 0.00cvss —epss 0.13
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.
- CVE-2025-58321Sep 11, 2025risk 0.00cvss —epss 0.01
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.
- CVE-2025-57703Aug 18, 2025risk 0.00cvss —epss 0.00
DIAEnergie - Reflected Cross-site Scripting
- CVE-2025-57702Aug 18, 2025risk 0.00cvss —epss 0.00
DIAEnergie - Reflected Cross-site Scripting
- CVE-2025-57701Aug 18, 2025risk 0.00cvss —epss 0.00
DIAEnergie - Reflected Cross-site Scripting
- CVE-2025-57700Aug 18, 2025risk 0.00cvss —epss 0.00
DIAEnergie - Stored Cross-site Scripting
- CVE-2025-47728Jun 4, 2025risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
- CVE-2025-47727Jun 4, 2025risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
- CVE-2025-47726Jun 4, 2025risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
- CVE-2025-47725Jun 4, 2025risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
- CVE-2025-47724Jun 4, 2025risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
- CVE-2025-4125Apr 30, 2025risk 0.00cvss —epss 0.00
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
- CVE-2025-4124Apr 30, 2025risk 0.00cvss —epss 0.00
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
- CVE-2025-22884Apr 30, 2025risk 0.00cvss —epss 0.00
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
- CVE-2025-22883Apr 30, 2025risk 0.00cvss —epss 0.00
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
- CVE-2025-22882Apr 30, 2025risk 0.00cvss —epss 0.00
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.
- CVE-2025-22881Feb 26, 2025risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the…
- CVE-2025-22880Feb 7, 2025risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the…
- CVE-2024-12836Dec 30, 2024risk 0.00cvss —epss 0.00
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this…
- CVE-2024-12835Dec 30, 2024risk 0.00cvss —epss 0.00
Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this…
- CVE-2024-12834Dec 30, 2024risk 0.00cvss —epss 0.00
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this…
- CVE-2024-39354Nov 11, 2024risk 0.00cvss —epss 0.00
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.
- CVE-2024-39605Nov 11, 2024risk 0.00cvss —epss 0.03
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.
- CVE-2024-47131Nov 11, 2024risk 0.00cvss —epss 0.00
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code.
- CVE-2024-47966Oct 10, 2024risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
- CVE-2024-47965Oct 10, 2024risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the…
- CVE-2024-47964Oct 10, 2024risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of…
- CVE-2024-47963Oct 10, 2024risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the…
- CVE-2024-47962Oct 10, 2024risk 0.00cvss —epss 0.03
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the…
- CVE-2024-43699Oct 3, 2024risk 0.00cvss —epss 0.01
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
- CVE-2024-8255Aug 29, 2024risk 0.00cvss —epss 0.01
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.
- CVE-2024-7502Aug 6, 2024risk 0.00cvss —epss 0.00
A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.
- CVE-2024-39883Jul 9, 2024risk 0.00cvss —epss 0.01
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the…
- CVE-2024-39882Jul 9, 2024risk 0.00cvss —epss 0.01
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of…
- CVE-2024-39881Jul 9, 2024risk 0.00cvss —epss 0.01
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current…
- CVE-2024-39880Jul 9, 2024risk 0.00cvss —epss 0.01
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the…
- CVE-2024-4549May 6, 2024risk 0.00cvss —epss 0.01
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
- CVE-2024-4547May 6, 2024risk 0.00cvss —epss 0.02
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the…
- CVE-2024-34033May 3, 2024risk 0.00cvss —epss 0.01
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.…
- CVE-2024-34031May 3, 2024risk 0.00cvss —epss 0.01
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
- CVE-2024-34032May 3, 2024risk 0.00cvss —epss 0.09
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
- CVE-2024-4192Apr 30, 2024risk 0.00cvss —epss 0.00
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
- CVE-2024-25574Apr 1, 2024risk 0.00cvss —epss 0.09
SQL injection vulnerability exists in GetDIAE_usListParameters.
- CVE-2024-28045Mar 21, 2024risk 0.00cvss —epss 0.00
Improper neutralization of input within the affected product could lead to cross-site scripting.
- CVE-2024-25567Mar 21, 2024risk 0.00cvss —epss 0.01
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.
- CVE-2024-28171Mar 21, 2024risk 0.00cvss —epss 0.01
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
- CVE-2024-23494Mar 21, 2024risk 0.00cvss —epss 0.08
SQL injection vulnerability exists in GetDIAE_unListParameters.
- CVE-2024-23975Mar 21, 2024risk 0.00cvss —epss 0.08
SQL injection vulnerability exists in GetDIAE_slogListParameters.
Page 2 of 6