Filtered by vendor Deltaww
Subscriptions
Total
218 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-44768 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-09-16 | 6.1 Medium |
Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information. | ||||
CVE-2021-38422 | 1 Deltaww | 1 Dialink | 2024-09-16 | 7.8 High |
Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. | ||||
CVE-2018-7507 | 1 Deltaww | 1 Wplsoft | 2024-09-16 | N/A |
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. | ||||
CVE-2022-0988 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 7.1 High |
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. | ||||
CVE-2021-43982 | 1 Deltaww | 1 Cncsoft | 2024-09-16 | 7.8 High |
Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | ||||
CVE-2018-10594 | 1 Deltaww | 8 Commgr, Dvpsimulator Ahsim 5x0, Dvpsimulator Ahsim 5x1 and 5 more | 2024-09-16 | N/A |
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server. | ||||
CVE-2022-26887 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
CVE-2022-26666 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
CVE-2022-41133 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 8.8 High |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
CVE-2022-26514 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
CVE-2023-43824 | 1 Deltaww | 1 Dopsoft | 2024-09-12 | 8.8 High |
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. | ||||
CVE-2024-8255 | 1 Deltaww | 2 Dtn Soft, Dtnsoft | 2024-09-06 | 9.8 Critical |
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. | ||||
CVE-2023-43820 | 1 Deltaww | 1 Dopsoft | 2024-08-29 | 8.8 High |
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesPrevValueLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. | ||||
CVE-2024-39880 | 1 Deltaww | 1 Cncsoft-g2 | 2024-08-29 | 7.8 High |
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
CVE-2024-39881 | 1 Deltaww | 1 Cncsoft-g2 | 2024-08-29 | 8.8 High |
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
CVE-2024-39882 | 1 Deltaww | 1 Cncsoft-g2 | 2024-08-29 | 8.8 High |
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
CVE-2024-39883 | 1 Deltaww | 1 Cncsoft-g2 | 2024-08-29 | 8.8 High |
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
CVE-2024-28029 | 1 Deltaww | 1 Diaenergie | 2024-08-12 | 8.8 High |
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. | ||||
CVE-2024-7502 | 1 Deltaww | 1 Diascreen | 2024-08-12 | 7.8 High |
A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. | ||||
CVE-2017-16745 | 1 Deltaww | 1 Delta Industrial Automation Screen Editor | 2024-08-05 | N/A |
A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files. |