CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26059 – Delta Electronics DIAEnergie SQL Injection in GetQueryData
https://notcve.org/view.php?id=CVE-2022-26059
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics DIAEnergie (Todas las versiones anteriores a la 1.8.02.004) presenta una vulnerabilidad de inyección SQL ciega que se presenta en GetQueryData. Esto permite a un atacante inyectar consultas SQL arbitrarias, recuperar y modificar el contenido de la base de datos y ejecutar comandos del sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0988 – Delta Electronics DIAEnergie CLEARTEXT Transmission of Sensitive Information
https://notcve.org/view.php?id=CVE-2022-0988
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. Delta Electronics DIAEnergie (versiones 1.7.5 y anteriores) es vulnerable a una transmisión de texto sin cifrar ya que la aplicación web es ejecutada por defecto en HTTP. Esto podría permitir a un atacante leer remotamente la información transmitida entre el cliente y el producto • https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23228 – Delta Electronics DIAEnergie (Update A)
https://notcve.org/view.php?id=CVE-2021-23228
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. DIAEnergie Versiones 1.7.5 y anteriores, es vulnerable a un ataque de tipo cross-site scripting reflejado mediante páginas de error devueltas por ".NET Request.QueryString" • https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31558 – Delta Electronics DIAEnergie (Update A)
https://notcve.org/view.php?id=CVE-2021-31558
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”. DIAEnergie Versiones 1.7.5 y anteriores, es vulnerable a un ataque de tipo cross-site scripting almacenado cuando un usuario no autenticado inyecta código arbitrario en el parámetro "descr" del script "DIAE_hierarchyHandler.ashx" • https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44544 – Delta Electronics DIAEnergie (Update A)
https://notcve.org/view.php?id=CVE-2021-44544
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. DIAEnergie Versión 1.7.5 y anteriores, es vulnerable a múltiples vulnerabilidades de tipo cross-site scripting cuando se inyecta código arbitrario en el parámetro "name" del script "HandlerEnergyType.ashx" • https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •