CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25347 – Delta Electronics DIAEnergie Path Traversal
https://notcve.org/view.php?id=CVE-2022-25347
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. Delta Electronics DIAEnergie (todas las versiones anteriores a la 1.8.02.004) es vulnerable a ataques de salto de ruta, que pueden permitir a un atacante escribir archivos arbitrarios en ubicaciones del sistema de archivos • https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-37: Path Traversal: '/absolute/pathname/here' •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25980 – Delta Electronics DIAEnergie SQL Injection in HandlerCommon.ashx
https://notcve.org/view.php?id=CVE-2022-25980
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics DIAEnergie (Todas las versiones anteriores a la 1.8.02.004) presenta una vulnerabilidad de inyección SQL ciega que se presenta en el archivo HandlerCommon.ashx. Esto permite a un atacante inyectar consultas SQL arbitrarias, recuperar y modificar el contenido de la base de datos y ejecutar comandos del sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26059 – Delta Electronics DIAEnergie SQL Injection in GetQueryData
https://notcve.org/view.php?id=CVE-2022-26059
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics DIAEnergie (Todas las versiones anteriores a la 1.8.02.004) presenta una vulnerabilidad de inyección SQL ciega que se presenta en GetQueryData. Esto permite a un atacante inyectar consultas SQL arbitrarias, recuperar y modificar el contenido de la base de datos y ejecutar comandos del sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0988 – Delta Electronics DIAEnergie CLEARTEXT Transmission of Sensitive Information
https://notcve.org/view.php?id=CVE-2022-0988
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. Delta Electronics DIAEnergie (versiones 1.7.5 y anteriores) es vulnerable a una transmisión de texto sin cifrar ya que la aplicación web es ejecutada por defecto en HTTP. Esto podría permitir a un atacante leer remotamente la información transmitida entre el cliente y el producto • https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23228 – Delta Electronics DIAEnergie (Update A)
https://notcve.org/view.php?id=CVE-2021-23228
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. DIAEnergie Versiones 1.7.5 y anteriores, es vulnerable a un ataque de tipo cross-site scripting reflejado mediante páginas de error devueltas por ".NET Request.QueryString" • https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •