Filtered by vendor Deltaww
Subscriptions
Total
218 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-38390 | 1 Deltaww | 1 Diaenergie | 2024-08-04 | 9.8 Critical |
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | ||||
CVE-2021-38391 | 1 Deltaww | 1 Diaenergie | 2024-08-04 | 9.8 Critical |
A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | ||||
CVE-2021-33003 | 1 Deltaww | 1 Diaenergie | 2024-08-03 | 5.5 Medium |
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | ||||
CVE-2021-33007 | 1 Deltaww | 1 Tpeditor | 2024-08-03 | 7.8 High |
A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. | ||||
CVE-2021-32983 | 1 Deltaww | 1 Diaenergie | 2024-08-03 | 9.8 Critical |
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | ||||
CVE-2021-33019 | 1 Deltaww | 1 Dopsoft | 2024-08-03 | 7.8 High |
A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | ||||
CVE-2021-32991 | 1 Deltaww | 1 Diaenergie | 2024-08-03 | 4.3 Medium |
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. | ||||
CVE-2021-32969 | 1 Deltaww | 1 Diascreen | 2024-08-03 | 7.8 High |
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | ||||
CVE-2021-32965 | 1 Deltaww | 1 Diascreen | 2024-08-03 | 7.8 High |
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. | ||||
CVE-2021-32955 | 1 Deltaww | 1 Diaenergie | 2024-08-03 | 9.8 Critical |
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. | ||||
CVE-2021-32967 | 1 Deltaww | 1 Diaenergie | 2024-08-03 | 9.8 Critical |
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | ||||
CVE-2021-27455 | 1 Deltaww | 1 Dopsoft | 2024-08-03 | 5.5 Medium |
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. | ||||
CVE-2021-27480 | 1 Deltaww | 1 Industrial Automation Commgr | 2024-08-03 | 9.8 Critical |
Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code. | ||||
CVE-2021-27412 | 1 Deltaww | 1 Dopsoft | 2024-08-03 | 7.8 High |
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. | ||||
CVE-2021-22668 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-08-03 | 9.8 Critical |
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. | ||||
CVE-2021-22672 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-08-03 | 7.8 High |
Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker to remotely execute arbitrary code. | ||||
CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2024-08-03 | 9.8 Critical |
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | ||||
CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2024-08-03 | 9.8 Critical |
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | ||||
CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2024-08-03 | 8.8 High |
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
CVE-2022-43447 | 1 Deltaww | 1 Diaenergie | 2024-08-03 | 8.8 High |
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network |