Deltaww Diaenergie vulnerabilities
78 known vulnerabilities affecting deltaww/diaenergie.
Total CVEs: 78
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 39, HIGH 26, MEDIUM 13
Vulnerabilities
Page 1 of 4
CVE-2024-4548 | P1 | CRITICAL | CVSS 9.8 | CWE-20 | PoC | fixed in 1.10.01.004 | 2024-05-06
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
nvd
CVE-2022-1367 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-05-02
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1366 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-05-02
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1378 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-05-02
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2021-38393 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 1.7.5 | 2021-08-30
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this
nvd
CVE-2021-38390 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 1.7.5 | 2021-08-30
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this
nvd
CVE-2021-32955 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | ≤ 1.7.5 | 2021-08-30
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.
nvd
CVE-2022-26887 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26013 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-41133 | P2 | HIGH | CVSS 8.8 | CWE-89 | fixed in 1.9.01.002 | 2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
nvd
CVE-2021-32983 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 1.7.5 | 2021-08-30
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this iss
nvd
CVE-2021-38391 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 1.7.5 | 2021-08-30
A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue
nvd
CVE-2022-43775 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | v1.9.0 | 2022-10-26
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
nvd
CVE-2022-26349 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26667 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-25880 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26338 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-25980 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26065 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26666 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd