Deltaww Diaenergie vulnerabilities
78 known vulnerabilities affecting deltaww/diaenergie.
Total CVEs: 78
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 39, HIGH 26, MEDIUM 13
Vulnerabilities
Page 4 of 4
CVE-2024-28171 | P3 | HIGH | CVSS 8.1 | CWE-22 | fixed in 1.10.00.005 | 2024-03-21
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
nvd
CVE-2022-26839 | P3 | HIGH | CVSS 7.8 | CWE-276 | fixed in 1.8.02.004 | 2022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.
nvd
CVE-2022-0988 | P3 | HIGH | CVSS 7.5 | CWE-319 | ≤ 1.7.5 | 2022-03-25
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.
nvd
CVE-2022-1098 | P3 | HIGH | CVSS 7.8 | CWE-427 | fixed in 1.8.02.004 | 2022-04-01
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges
nvd
CVE-2024-4549 | P3 | HIGH | CVSS 7.5 | CWE-400 | fixed in 1.10.01.004 | 2024-05-06
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
nvd
CVE-2021-31558 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 1.7.5 | 2021-12-22
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.
nvd
CVE-2021-44544 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 1.7.5 | 2021-12-22
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.
nvd
CVE-2022-41702 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 1.9.01.002 | 2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
nvd
CVE-2022-41701 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 1.9.01.002 | 2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.
nvd
CVE-2022-40965 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 1.9.01.002 | 2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
nvd
CVE-2022-41651 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 1.9.01.002 | 2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.
nvd
CVE-2022-41555 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 1.9.01.002 | 2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
nvd
CVE-2021-44471 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 1.7.5 | 2021-12-22
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.
nvd
CVE-2024-28045 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 1.10.00.005 | 2024-03-21
Improper neutralization of input within the affected product could lead to cross-site scripting.
nvd
CVE-2022-33005 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v1.08.00 | 2022-06-27
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field.
nvd
CVE-2021-33003 | P4 | MEDIUM | CVSS 5.5 | CWE-916 | ≤ 1.7.5 | 2021-08-30
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.
nvd
CVE-2021-23228 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 1.7.5 | 2021-12-22
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.
nvd
CVE-2021-32991 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | ≤ 1.7.5 | 2021-08-30
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.
nvd