Delta Electronics

All CVEs

287 total · sorted by risk
  • CVE-2022-1366 · May 2, 2022
    risk 0.00 · cvss · epss 0.19

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-1098 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.00

    Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) is vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges.

  • CVE-2022-27175 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26839 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.00

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.

  • CVE-2022-26667 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26338 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26514 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26666 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26887 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.10

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26836 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26349 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26065 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26013 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.09

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-25880 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-0923 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26069 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-25347 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.11

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

  • CVE-2022-25980 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2022-26059 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

  • CVE-2021-44768 · Mar 25, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics CNCSoft (Version 1.01.30 and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information.

  • CVE-2022-0988 · Mar 25, 2022
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.

  • CVE-2021-23228 · Dec 22, 2021
    risk 0.00 · cvss · epss 0.01

    DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.

  • CVE-2021-31558 · Dec 22, 2021
    risk 0.00 · cvss · epss 0.11

    DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.

  • CVE-2021-44544 · Dec 22, 2021
    risk 0.00 · cvss · epss 0.09

    DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.

  • CVE-2021-44471 · Dec 22, 2021
    risk 0.00 · cvss · epss 0.01

    DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.

  • CVE-2021-43982 · Dec 9, 2021
    risk 0.00 · cvss · epss 0.10

    Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

  • CVE-2021-38488 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.12

    Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code.

  • CVE-2021-38416 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.00

    Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.

  • CVE-2021-38428 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.11

    Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code.

  • CVE-2021-38420 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.00

    Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.

  • CVE-2021-38407 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.

  • CVE-2021-38424 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.00

    The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.

  • CVE-2021-38403 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code.

  • CVE-2021-38422 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.00

    Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.

  • CVE-2021-38418 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.

  • CVE-2021-38411 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.

  • CVE-2021-38404 · Sep 17, 2021
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the…

  • CVE-2021-38402 · Sep 17, 2021
    risk 0.00 · cvss · epss 0.08

    Delta Electronics DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage…

  • CVE-2021-38390 · Aug 30, 2021
    risk 0.00 · cvss · epss 0.20

    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as…

  • CVE-2021-32983 · Aug 30, 2021
    risk 0.00 · cvss · epss 0.04

    A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part…

  • CVE-2021-38393 · Aug 30, 2021
    risk 0.00 · cvss · epss 0.20

    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as…

  • CVE-2021-38391 · Aug 30, 2021
    risk 0.00 · cvss · epss 0.03

    A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of…

  • CVE-2021-32991 · Aug 30, 2021
    risk 0.00 · cvss · epss 0.00

    Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.

  • CVE-2021-32955 · Aug 30, 2021
    risk 0.00 · cvss · epss 0.37

    Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.

  • CVE-2021-32967 · Aug 30, 2021
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.

  • CVE-2021-33003 · Aug 30, 2021
    risk 0.00 · cvss · epss 0.00

    Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.

  • CVE-2021-33019 · Aug 30, 2021
    risk 0.00 · cvss · epss 0.02

    A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code.

  • CVE-2021-33007 · Aug 30, 2021
    risk 0.00 · cvss · epss 0.01

    A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code.

  • CVE-2021-27412 · Jul 2, 2021
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.

  • CVE-2021-27455 · Jul 2, 2021
    risk 0.00 · cvss · epss 0.01

    Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information.
