Diaenergie

diaenergie

Vendor: Deltaww • 82 CVEs

CVEs (82)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-26338 1Deltaww 1Diaenergie Nov 21, 2024 Mar 29, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify databa...Show more Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.Show less
CVE-2022-26069 1Deltaww 1Diaenergie Nov 21, 2024 Mar 29, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify da...Show more Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.Show less
CVE-2022-26065 1Deltaww 1Diaenergie Nov 21, 2024 Mar 29, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database...Show more Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.Show less
CVE-2022-26059 1Deltaww 1Diaenergie Nov 21, 2024 Mar 29, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database c...Show more Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.Show less
CVE-2022-26013 1Deltaww 1Diaenergie Nov 21, 2024 Mar 29, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify...Show more Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.Show less
CVE-2022-25980 1Deltaww 1Diaenergie Nov 21, 2024 Mar 29, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify data...Show more Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.Show less
CVE-2022-25880 1Deltaww 1Diaenergie Nov 21, 2024 Mar 29, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database...Show more Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.Show less
CVE-2022-25347 1Deltaww 1Diaenergie Nov 21, 2024 Mar 29, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.
CVE-2022-0923 1Deltaww 1Diaenergie Nov 21, 2024 Mar 29, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify...Show more Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.Show less
CVE-2022-0988 1Deltaww 1Diaenergie Nov 21, 2024 Mar 25, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between...Show more Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.Show less
CVE-2021-44544 1Deltaww 1Diaenergie Nov 21, 2024 Dec 22, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.
CVE-2021-44471 1Deltaww 1Diaenergie Nov 21, 2024 Dec 22, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.
CVE-2021-31558 1Deltaww 1Diaenergie Nov 21, 2024 Dec 22, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.
CVE-2021-23228 1Deltaww 1Diaenergie Nov 21, 2024 Dec 22, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.
CVE-2021-38393 1Deltaww 1Diaenergie Nov 21, 2024 Aug 30, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value...Show more A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.Show less
CVE-2021-38391 1Deltaww 1Diaenergie Nov 21, 2024 Aug 30, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value sup...Show more A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.Show less
CVE-2021-38390 1Deltaww 1Diaenergie Nov 21, 2024 Aug 30, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value...Show more A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.Show less
CVE-2021-33003 1Deltaww 1Diaenergie Nov 21, 2024 Aug 30, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.
CVE-2021-32991 1Deltaww 1Diaenergie Nov 21, 2024 Aug 30, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.
CVE-2021-32983 1Deltaww 1Diaenergie Nov 21, 2024 Aug 30, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value suppl...Show more A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.Show less

Previous 1 2 345 Next