cbcvebase.

Delta Electronics Diaenergie vulnerabilities

69 known vulnerabilities affecting delta_electronics/diaenergie.

Total CVEs
69
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL30HIGH26MEDIUM13

Vulnerabilities

Page 1 of 4
CVE-2024-4548P1CRITICALCVSS 9.8PoC≤ 1.10.1.86102024-05-06
CVE-2024-4548 [CRITICAL] CWE-20 CVE-2024-4548: An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe pr An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
nvd
CVE-2022-1367P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-05-02
CVE-2022-1367 [CRITICAL] CWE-89 CVE-2022-1367: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1366P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-05-02
CVE-2022-1366 [CRITICAL] CWE-89 CVE-2022-1366: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1378P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-05-02
CVE-2022-1378 [CRITICAL] CWE-89 CVE-2022-1378: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26887P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-26887 [CRITICAL] CWE-89 CVE-2022-26887: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26013P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-26013 [CRITICAL] CWE-89 CVE-2022-26013: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-41133P2HIGHCVSS 8.8≥ All, < v1.9.01.0022022-10-27
CVE-2022-41133 [HIGH] CWE-89 CVE-2022-41133: The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection tha The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
nvd
CVE-2022-26349P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-26349 [CRITICAL] CWE-89 CVE-2022-26349: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26667P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-26667 [CRITICAL] CWE-89 CVE-2022-26667: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-25880P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-25880 [CRITICAL] CWE-89 CVE-2022-25880: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26338P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-26338 [CRITICAL] CWE-89 CVE-2022-26338: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-25980P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-25980 [CRITICAL] CWE-89 CVE-2022-25980: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26065P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-26065 [CRITICAL] CWE-89 CVE-2022-26065: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26666P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-26666 [CRITICAL] CWE-89 CVE-2022-26666: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26069P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-26069 [CRITICAL] CWE-89 CVE-2022-26069: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-27175P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-27175 [CRITICAL] CWE-89 CVE-2022-27175: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26514P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-26514 [CRITICAL] CWE-89 CVE-2022-26514: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26836P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-26836 [CRITICAL] CWE-89 CVE-2022-26836: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26059P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-26059 [CRITICAL] CWE-89 CVE-2022-26059: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-0923P2CRITICALCVSS 9.8≥ unspecified, < 1.8.02.0042022-03-29
CVE-2022-0923 [CRITICAL] CWE-89 CVE-2022-0923: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
Delta Electronics Diaenergie vulnerabilities | cvebase