CVE-2022-43774
https://notcve.org/view.php?id=CVE-2022-43774
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. • https://www.tenable.com/security/research/tra-2022-33 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-3214 – Delta Electronics DIAEnergy Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2022-3214
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. (The Spanish-language description of this entry gives the affected versions as 1.8.0 and prior.) • https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03 • CWE-798: Use of Hard-coded Credentials
CVE-2022-2759
https://notcve.org/view.php?id=CVE-2022-2759
Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-03 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2022-1405 – Delta Electronics CNCSoft Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-1405
CNCSoft: All versions prior to 1.01.32 do not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-01 • CWE-121: Stack-based Buffer Overflow
CVE-2022-2660 – Delta Industrial Automation DIALink Hardcoded Cryptographic Key Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-2660
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIALink. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of requests to the server. The issue results from hardcoding cryptographic keys within the product. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-02 • CWE-321: Use of Hard-coded Cryptographic Key • CWE-798: Use of Hard-coded Credentials