CVE-2022-1367
https://notcve.org/view.php?id=CVE-2022-1367
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics DIAEnergie (Todas las versiones anteriores a 1.8.02.004) presenta una vulnerabilidad de inyección SQL ciega en el archivo Handler_TCV.ashx. Esto permite a un atacante inyectar consultas SQL arbitrarias, recuperar y modificar el contenido de la base de datos y ejecutar comandos del sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-1366
https://notcve.org/view.php?id=CVE-2022-1366
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics DIAEnergie (Todas las versiones anteriores a 1.8.02.004) presenta una vulnerabilidad de inyección SQL ciega en el archivo HandlerChart.ashx. Esto permite a un atacante inyectar consultas SQL arbitrarias, recuperar y modificar el contenido de la base de datos y ejecutar comandos del sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-1403 – Delta Electronics ASDA-Soft Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2022-1403
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. ASDA-Soft: versiones 5.4.1.0 y anteriores, no sanean apropiadamente la entrada mientras procesan un archivo de proyecto específico, permitiendo una posible condición de escritura fuera de límites This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation ASDA-Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PAR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-01 • CWE-787: Out-of-bounds Write •
CVE-2022-1402 – Delta Electronics ASDA-Soft Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2022-1402
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. ASDA-Soft: versiones 5.4.1.0 y anteriores, no sanean apropiadamente la entrada mientras es procesado un archivo de proyecto específico, permitiendo una posible condición de lectura fuera de límites This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation ASDA-Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-01 • CWE-125: Out-of-bounds Read •
CVE-2022-1331 – Delta Electronics DMARS Improper Restriction of XML External Entity Reference
https://notcve.org/view.php?id=CVE-2022-1331
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. En cuatro casos, DMARS (todas las versiones anteriores a v2.1.10.24) no restringe apropiadamente las referencias de entidades externas XML mientras son procesados archivos de proyecto específicos, lo que puede permitir una divulgación de información no autorizada This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DMARS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DMARS files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose files in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-01 • CWE-611: Improper Restriction of XML External Entity Reference •