CVE-2022-43457 – Delta Electronics DIAEnergie SQL Injection
https://notcve.org/view.php?id=CVE-2022-43457
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network La inyección SQL en HandlerPage_KID.ashx en versiones de Delta Electronics DIAEnergie anteriores a la v1.9.02.001 permite a un atacante inyectar consultas SQL a través de la red • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-43447 – Delta Electronics DIAEnergie SQL Injection
https://notcve.org/view.php?id=CVE-2022-43447
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network La inyección SQL en AM_EBillAnalysis.aspx en versiones de Delta Electronics DIAEnergie anteriores a v1.9.02.001 permite a un atacante inyectar consultas SQL a través de la red • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-41702 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-41702
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a Stored Cross-Site Scripting a través de la API InsertReg. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-41651 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-41651
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a Stored Cross-Site Scripting a través de la API SetPF. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-41133 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-41133
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a una inyección SQL que existe en GetDIAE_line_message_settingsListParameters. Un atacante autenticado con pocos privilegios podría aprovechar este problema para inyectar consultas SQL arbitrarias. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •