
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03 • CWE-287: Improper Authentication • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm • CWE-916: Use of Password Hash With Insufficient Computational Effort