
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-01 • CWE-125: Out-of-bounds Read

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')