Filtered by vendor Deltaww
Subscriptions
Total
218 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1405 | 1 Deltaww | 1 Cncsoft | 2024-09-16 | 7.8 High |
CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. | ||||
CVE-2022-41701 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 8.7 High |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | ||||
CVE-2022-2759 | 1 Deltaww | 1 Delta Robot Automation Studio | 2024-09-16 | 5.5 Medium |
Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host. | ||||
CVE-2018-10617 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2024-09-16 | N/A |
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. | ||||
CVE-2018-8839 | 1 Deltaww | 1 Pmsoft | 2024-09-16 | 7.8 High |
Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version. | ||||
CVE-2022-26059 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
CVE-2022-26836 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
CVE-2022-40965 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 8.7 High |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | ||||
CVE-2018-7494 | 1 Deltaww | 1 Wplsoft | 2024-09-16 | N/A |
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. | ||||
CVE-2022-26013 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
CVE-2022-26839 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 7.8 High |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. | ||||
CVE-2022-1098 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 7.8 High |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges | ||||
CVE-2021-38418 | 1 Deltaww | 1 Dialink | 2024-09-16 | 8.8 High |
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization. | ||||
CVE-2022-26065 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
CVE-2021-38416 | 1 Deltaww | 1 Dialink | 2024-09-16 | 7.8 High |
Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. | ||||
CVE-2021-31558 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 6.5 Medium |
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”. | ||||
CVE-2018-7509 | 1 Deltaww | 1 Wplsoft | 2024-09-16 | N/A |
WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. | ||||
CVE-2018-10636 | 1 Deltaww | 2 Cncsoft, Screeneditor | 2024-09-16 | 8.8 High |
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. | ||||
CVE-2021-38420 | 1 Deltaww | 1 Dialink | 2024-09-16 | 7.8 High |
Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | ||||
CVE-2022-40967 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 8.8 High |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. |