Delta Electronics

All CVEs

287 total · sorted by risk
  • CVE-2023-0124 · Feb 2, 2023
    risk 0.00 · cvss · epss 0.00

    Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.

  • CVE-2023-0123 · Feb 2, 2023
    risk 0.00 · cvss · epss 0.00

    Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.

  • CVE-2022-4634 · Feb 2, 2023
    risk 0.00 · cvss · epss 0.05

    All versions prior to Delta Electronics' CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.

  • CVE-2023-0444 · Jan 24, 2023
    risk 0.00 · cvss · epss 0.01

    A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows…

  • CVE-2022-41778 · Jan 12, 2023
    risk 0.00 · cvss · epss 0.01

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon…

  • CVE-2022-2966 · Dec 16, 2022
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds Read vulnerability in Delta Electronics DOPSoft. This issue affects DOPSoft: All Versions.

  • CVE-2022-2660 · Dec 13, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine.

  • CVE-2022-42141 · Dec 13, 2022
    risk 0.00 · cvss · epss 0.00

    Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.

  • CVE-2022-2969 · Dec 1, 2022
    risk 0.00 · cvss · epss 0.02

    Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 use an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements…

  • CVE-2022-43506 · Nov 17, 2022
    risk 0.00 · cvss · epss 0.01

    SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.

  • CVE-2022-41775 · Nov 17, 2022
    risk 0.00 · cvss · epss 0.01

    SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.

  • CVE-2022-43452 · Nov 17, 2022
    risk 0.00 · cvss · epss 0.08

    SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.

  • CVE-2022-43457 · Nov 17, 2022
    risk 0.00 · cvss · epss 0.01

    SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.

  • CVE-2022-43447 · Nov 17, 2022
    risk 0.00 · cvss · epss 0.01

    SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.

  • CVE-2022-41629 · Oct 31, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify…

  • CVE-2022-41776 · Oct 31, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the…

  • CVE-2022-41644 · Oct 31, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges.

  • CVE-2022-41688 · Oct 31, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user…

  • CVE-2022-40202 · Oct 31, 2022
    risk 0.00 · cvss · epss 0.01

    The database backup function in Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function…

  • CVE-2022-41772 · Oct 31, 2022
    risk 0.00 · cvss · epss 0.25

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution.

  • CVE-2022-41657 · Oct 31, 2022
    risk 0.00 · cvss · epss 0.21

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow attacker-provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations…

  • CVE-2022-41779 · Oct 31, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed,…

  • CVE-2022-38142 · Oct 31, 2022
    risk 0.00 · cvss · epss 0.18

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon…

  • CVE-2022-41702 · Oct 27, 2022
    risk 0.00 · cvss · epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.

  • CVE-2022-41651 · Oct 27, 2022
    risk 0.00 · cvss · epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.

  • CVE-2022-41133 · Oct 27, 2022
    risk 0.00 · cvss · epss 0.27

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

  • CVE-2022-41773 · Oct 27, 2022
    risk 0.00 · cvss · epss 0.08

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

  • CVE-2022-41701 · Oct 27, 2022
    risk 0.00 · cvss · epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.

  • CVE-2022-40967 · Oct 27, 2022
    risk 0.00 · cvss · epss 0.08

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

  • CVE-2022-41555 · Oct 27, 2022
    risk 0.00 · cvss · epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.

  • CVE-2022-40965 · Oct 27, 2022
    risk 0.00 · cvss · epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.

  • CVE-2022-43774 · Oct 26, 2022
    risk 0.00 · cvss · epss 0.01

    The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.

  • CVE-2022-43775 · Oct 26, 2022
    risk 0.00 · cvss · epss 0.21

    The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.

  • CVE-2022-3214 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer…

  • CVE-2022-2759 · Aug 31, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control,…

  • CVE-2022-1405 · Aug 31, 2022
    risk 0.00 · cvss · epss 0.02

    CNCSoft: All versions prior to 1.01.32 do not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition.

  • CVE-2022-1404 · Aug 31, 2022
    risk 0.00 · cvss · epss 0.00

    Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.

  • CVE-2022-33005 · Jun 27, 2022
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field.

  • CVE-2021-32969 · May 24, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.

  • CVE-2021-32965 · May 24, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2022-1378 · May 2, 2022
    risk 0.00 · cvss · epss 0.19

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1377 · May 2, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1376 · May 2, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1375 · May 2, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1374 · May 2, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1372 · May 2, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1371 · May 2, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1370 · May 2, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1369 · May 2, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1367 · May 2, 2022
    risk 0.00 · cvss · epss 0.21

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Page 4 of 6