VYPR
Vendor

Diaenerrgie

Products
1
CVEs
13
Across products
13
Status
Private

Products

1

Recent CVEs

13
  • CVE-2022-41133HigOct 27, 2022
    risk 0.59cvss 8.8epss 0.27

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

  • CVE-2022-41773HigOct 27, 2022
    risk 0.58cvss 8.8epss 0.08

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

  • CVE-2022-40967HigOct 27, 2022
    risk 0.58cvss 8.8epss 0.08

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

  • CVE-2023-0822HigFeb 17, 2023
    risk 0.57cvss 8.8epss 0.01

    The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.

  • CVE-2022-41702HigOct 27, 2022
    risk 0.57cvss 8.7epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.

  • CVE-2022-41701HigOct 27, 2022
    risk 0.57cvss 8.7epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.

  • CVE-2022-41651HigOct 27, 2022
    risk 0.57cvss 8.7epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.

  • CVE-2022-41555HigOct 27, 2022
    risk 0.57cvss 8.7epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.

  • CVE-2022-40965HigOct 27, 2022
    risk 0.57cvss 8.7epss 0.11

    The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.

  • CVE-2022-1098HigApr 1, 2022
    risk 0.51cvss 7.8epss 0.00

    Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges

  • CVE-2021-44544HigDec 22, 2021
    risk 0.50cvss 7.5epss 0.09

    DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.

  • CVE-2021-44471HigDec 22, 2021
    risk 0.49cvss 7.5epss 0.01

    DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.

  • CVE-2021-31558MedDec 22, 2021
    risk 0.43cvss 6.5epss 0.11

    DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.