Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deltaww diaenergie vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-0822
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
Deltaww Diaenergie
7.5
CVSSv3
CVE-2022-0988
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an malicious user to remotely read transmitted information between the client and product.
Deltaww Diaenergie
7.8
CVSSv3
CVE-2022-1098
Delta Electronics DIAEnergie (all versions before 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an malicious user to escalate privileges
Deltaww Diaenergie
7.5
CVSSv3
CVE-2022-25347
Delta Electronics DIAEnergie (All versions before 1.8.02.004) is vulnerable to path traversal attacks, which may allow an malicious user to write arbitrary files to locations on the file system.
Deltaww Diaenergie
8.8
CVSSv3
CVE-2024-28029
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
Deltaww Diaenergie
4.3
CVSSv3
CVE-2021-32991
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an malicious user to cause a user to carry out an action unintentionally.
Deltaww Diaenergie
5.5
CVSSv3
CVE-2021-33003
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an malicious user to retrieve passwords in cleartext due to a weak hashing algorithm.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2022-27175
Delta Electronics DIAEnergie (All versions before 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an malicious user to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2022-26349
Delta Electronics DIAEnergie (All versions before 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an malicious user to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2021-32983
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of...
Deltaww Diaenergie
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »