Deltaww Diaenergie vulnerabilities
78 known vulnerabilities affecting deltaww/diaenergie.
Total CVEs
78
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL39HIGH26MEDIUM13
Vulnerabilities
Page 2 of 4
CVE-2022-26069P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-03-29
CVE-2022-26069 [CRITICAL] CWE-89 CVE-2022-26069: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-27175P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-03-29
CVE-2022-27175 [CRITICAL] CWE-89 CVE-2022-27175: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26514P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-03-29
CVE-2022-26514 [CRITICAL] CWE-89 CVE-2022-26514: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26836P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-03-29
CVE-2022-26836 [CRITICAL] CWE-89 CVE-2022-26836: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-26059P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-03-29
CVE-2022-26059 [CRITICAL] CWE-89 CVE-2022-26059: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-0923P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-03-29
CVE-2022-0923 [CRITICAL] CWE-89 CVE-2022-0923: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1371P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-05-02
CVE-2022-1371 [CRITICAL] CWE-89 CVE-2022-1371: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1372P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-05-02
CVE-2022-1372 [CRITICAL] CWE-89 CVE-2022-1372: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1374P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-05-02
CVE-2022-1374 [CRITICAL] CWE-89 CVE-2022-1374: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1370P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-05-02
CVE-2022-1370 [CRITICAL] CWE-89 CVE-2022-1370: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1369P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-05-02
CVE-2022-1369 [CRITICAL] CWE-89 CVE-2022-1369: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1375P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-05-02
CVE-2022-1375 [CRITICAL] CWE-89 CVE-2022-1375: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1377P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-05-02
CVE-2022-1377 [CRITICAL] CWE-89 CVE-2022-1377: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2022-1376P2CRITICALCVSS 9.8fixed in 1.8.02.0042022-05-02
CVE-2022-1376 [CRITICAL] CWE-89 CVE-2022-1376: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
nvd
CVE-2024-25574P2CRITICALCVSS 9.8fixed in 1.10.00.0052024-04-01
CVE-2024-25574 [CRITICAL] CWE-89 CVE-2024-25574: SQL injection vulnerability exists in GetDIAE_usListParameters.
SQL injection vulnerability exists in GetDIAE_usListParameters.
nvd
CVE-2024-4547P2CRITICALCVSS 9.8fixed in 1.10.01.0042024-05-06
CVE-2024-4547 [CRITICAL] CWE-20 CVE-2024-4547: A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe pro
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field
nvd
CVE-2022-3214P2CRITICALCVSS 9.8fixed in 1.9.03.0092022-09-16
CVE-2022-3214 [CRITICAL] CWE-798 CVE-2022-3214: Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CW
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to
1.9.03.009
have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.
nvd
CVE-2024-25937P2HIGHCVSS 8.8fixed in 1.10.00.0052024-03-21
CVE-2024-25937 [HIGH] CWE-89 CVE-2024-25937: SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
nvd
CVE-2024-28891P2HIGHCVSS 8.8fixed in 1.10.00.0052024-03-21
CVE-2024-28891 [HIGH] CWE-89 CVE-2024-28891: SQL injection vulnerability exists in the script Handler_CFG.ashx.
SQL injection vulnerability exists in the script Handler_CFG.ashx.
nvd
CVE-2022-41773P2HIGHCVSS 8.8fixed in 1.9.01.0022022-10-27
CVE-2022-41773 [HIGH] CWE-89 CVE-2022-41773: The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection tha
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
nvd