CVE-2021-32991
https://notcve.org/view.php?id=CVE-2021-32991
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-32955
https://notcve.org/view.php?id=CVE-2021-32955
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-32967
https://notcve.org/view.php?id=CVE-2021-32967
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03 • CWE-287: Improper Authentication • CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2021-33003
https://notcve.org/view.php?id=CVE-2021-33003
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm • CWE-916: Use of Password Hash With Insufficient Computational Effort