Search Results (37648 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-26069 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-0923 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-25880 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26013 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26065 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26349 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26836 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26887 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26666 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26514 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26338 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26667 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-27175 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2021-32953 1 Auvesy-mdt 2 Autosave, Autosave For System Platform 2025-04-16 9.8 Critical
An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login.
CVE-2021-32957 1 Auvesy-mdt 2 Autosave, Autosave For System Platform 2025-04-16 7.5 High
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking.
CVE-2021-32986 1 Automationdirect 40 C0-10are-d, C0-10are-d Firmware, C0-10dd1e-d and 37 more 2025-04-16 9.8 Critical
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.
CVE-2022-1161 1 Rockwellautomation 48 Compact Guardlogix 5370, Compact Guardlogix 5370 Firmware, Compact Guardlogix 5380 and 45 more 2025-04-16 10 Critical
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.
CVE-2022-21168 1 Fujielectric 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware 2025-04-16 3.3 Low
The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure.
CVE-2020-25167 1 Osisoft 1 Pi Vision 2025-04-16 4.9 Medium
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.
CVE-2022-1366 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.