Delta Electronics Diaenergie vulnerabilities
69 known vulnerabilities affecting delta_electronics/diaenergie.
Total CVEs: 69
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 30, HIGH 26, MEDIUM 13
Vulnerabilities
Page 3 of 4
CVE-2022-25347 | P3 | HIGH | CVSS 7.5 | CWE-37 | ≥ unspecified, < 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.
nvd
CVE-2024-28029 | P3 | HIGH | CVSS 8.8 | CWE-602 | fixed in v1.10.00.005 | 2024-03-21
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
nvd
CVE-2024-43699 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ v1.10.01.008 | 2024-10-03
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
nvd
CVE-2024-34033 | P3 | HIGH | CVSS 8.8 | CWE-22 | v1.10.00.005 | 2024-05-03
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
nvd
CVE-2023-0822 | P3 | HIGH | CVSS 8.8 | CWE-285 | fixed in v1.9.03.001 | 2023-02-17
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
nvd
CVE-2022-43506 | P3 | HIGH | CVSS 8.8 | CWE-89 | vAll | 2022-11-17
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network.
nvd
CVE-2022-43447 | P3 | HIGH | CVSS 8.8 | CWE-89 | vAll | 2022-11-17
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network.
nvd
CVE-2022-43457 | P3 | HIGH | CVSS 8.8 | CWE-89 | vAll | 2022-11-17
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network.
nvd
CVE-2022-41775 | P3 | HIGH | CVSS 8.8 | CWE-89 | vAll | 2022-11-17
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network.
nvd
CVE-2024-34031 | P3 | HIGH | CVSS 8.8 | CWE-89 | v1.10.00.005 | 2024-05-03
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
nvd
CVE-2024-25567 | P3 | HIGH | CVSS 8.8 | CWE-22 | fixed in v1.10.00.005 | 2024-03-21
A path traversal attack is possible, which can write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.
nvd
CVE-2024-28171 | P3 | HIGH | CVSS 8.1 | CWE-22 | fixed in v1.10.00.005 | 2024-03-21
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
nvd
CVE-2022-26839 | P3 | HIGH | CVSS 7.8 | CWE-276 | ≥ unspecified, < 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.
nvd
CVE-2022-0988 | P3 | HIGH | CVSS 7.5 | CWE-319 | ≥ unspecified, ≤ 1.7.5 | 2022-03-25
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.
nvd
CVE-2024-4549 | P3 | HIGH | CVSS 7.5 | CWE-400 | ≤ 1.10.1.8610 | 2024-05-06
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
nvd
CVE-2021-31558 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ All, ≤ 1.7.5 | 2021-12-22
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.
nvd
CVE-2021-44544 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ All, ≤ 1.7.5 | 2021-12-22
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.
nvd
CVE-2022-41702 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ All, < v1.9.01.002 | 2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
nvd
CVE-2022-41701 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ All, < v1.9.01.002 | 2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.
nvd
CVE-2022-40965 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ All, < v1.9.01.002 | 2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
nvd