Filtered by vendor Deltaww
Subscriptions
Total
218 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-5461 | 1 Deltaww | 1 Wplsoft | 2024-09-19 | 3.7 Low |
A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-5459 | 1 Deltaww | 14 Dvp32es200r, Dvp32es200r Firmware, Dvp32es200rc and 11 more | 2024-09-19 | 6.5 Medium |
A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. VDB-241582 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2022-26069 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
CVE-2018-8871 | 1 Deltaww | 1 Tpeditor | 2024-09-17 | 9.8 Critical |
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. | ||||
CVE-2018-17927 | 1 Deltaww | 1 Tpeditor | 2024-09-17 | N/A |
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution. | ||||
CVE-2021-38406 | 1 Deltaww | 1 Dopsoft | 2024-09-17 | 7.8 High |
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
CVE-2022-1404 | 1 Deltaww | 1 Cncsoft | 2024-09-17 | 3.3 Low |
Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | ||||
CVE-2021-38488 | 1 Deltaww | 1 Dialink | 2024-09-17 | 5.5 Medium |
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code. | ||||
CVE-2021-38402 | 1 Deltaww | 1 Dopsoft | 2024-09-17 | 7.8 High |
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
CVE-2022-25980 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
CVE-2021-38428 | 1 Deltaww | 1 Dialink | 2024-09-17 | 5.5 Medium |
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code. | ||||
CVE-2018-10621 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2024-09-17 | N/A |
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. | ||||
CVE-2018-10598 | 1 Deltaww | 2 Cncsoft, Screeneditor | 2024-09-17 | N/A |
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. | ||||
CVE-2021-23228 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 7.5 High |
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. | ||||
CVE-2022-25347 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. | ||||
CVE-2018-17929 | 1 Deltaww | 1 Tpeditor | 2024-09-17 | 7.8 High |
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code. | ||||
CVE-2022-1331 | 1 Deltaww | 1 Dmars | 2024-09-17 | 5.5 Medium |
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. | ||||
CVE-2021-38404 | 1 Deltaww | 1 Dopsoft | 2024-09-17 | 7.8 High |
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
CVE-2021-44544 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 7.5 High |
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. | ||||
CVE-2022-26338 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. |