Diaenergie

diaenergie

Vendor: Deltaww • 82 CVEs

CVEs (82)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-28029 1Deltaww 1Diaenergie Nov 21, 2024 Mar 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
CVE-2024-25937 1Deltaww 1Diaenergie Jan 24, 2025 Mar 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
CVE-2023-0822 1Deltaww 1Diaenergie Nov 21, 2024 Feb 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
CVE-2022-43506 1Deltaww 1Diaenergie Nov 21, 2024 Nov 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVE-2022-43457 1Deltaww 1Diaenergie Nov 21, 2024 Nov 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVE-2022-43452 1Deltaww 1Diaenergie Nov 21, 2024 Nov 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVE-2022-43447 1Deltaww 1Diaenergie Nov 21, 2024 Nov 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVE-2022-41775 1Deltaww 1Diaenergie Nov 21, 2024 Nov 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVE-2022-41773 1Deltaww 1Diaenergie Nov 21, 2024 Oct 27, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL quer...Show more The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.Show less
CVE-2022-41702 1Deltaww 1Diaenergie Nov 21, 2024 Oct 27, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
CVE-2022-41701 1Deltaww 1Diaenergie Nov 21, 2024 Oct 27, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.
CVE-2022-41651 1Deltaww 1Diaenergie Nov 21, 2024 Oct 27, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.
CVE-2022-41555 1Deltaww 1Diaenergie Nov 21, 2024 Oct 27, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
CVE-2022-41133 1Deltaww 1Diaenergie Nov 21, 2024 Oct 27, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issu...Show more The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.Show less
CVE-2022-40967 1Deltaww 1Diaenergie Nov 21, 2024 Oct 27, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary...Show more The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.Show less
CVE-2022-40965 1Deltaww 1Diaenergie Nov 21, 2024 Oct 27, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
CVE-2022-43775 1Deltaww 1Diaenergie May 7, 2025 Oct 26, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
CVE-2022-43774 1Deltaww 1Diaenergie May 7, 2025 Oct 26, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
CVE-2022-3214 1Deltaww 1Diaenergie Feb 25, 2026 Sep 16, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could b...Show more Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.Show less
CVE-2022-33005 1Deltaww 1Diaenergie Nov 21, 2024 Jun 27, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Nam...Show more A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field.Show less

Previous 123 4 5 Next