CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34031 – SQL Injection vulnerability in Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2024-34031
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. Delta Electronics DIAEnergie es afectada por una vulnerabilidad de inyección SQL que existe en el script Handler_CFG.ashx. Un atacante autenticado puede aprovechar este problema para comprometer potencialmente el sistema en el que está implementado DIAEnergie. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34032 – SQL Injection in Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2024-34032
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. Delta Electronics DIAEnergie es afectada por una vulnerabilidad de inyección SQL que existe en el endpoint GetDIACloudList. Un atacante autenticado puede aprovechar este problema para comprometer potencialmente el sistema en el que está implementado DIAEnergie. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1941 – Delta Electronics CNCSoft-B Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-1941
Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Delta Electronics CNCSoft-B versiones 1.0.0.4 y anteriores son vulnerables a un desbordamiento de búfer en la región stack de la memoria, lo que puede permitir a un atacante ejecutar código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DPA files in the DOPSoft executable. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-060-01 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5802 – Delta Industrial Automation PMSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-5802
An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software. Ha sido descubierto un problema en Delta Electronics WPLSoft, versiones anteriores a V2.42.11, ISPSoft, versiones anteriores a 3.02.11 y PMSoft, versiones anteriores a 2.10.10. Múltiples instancias de condiciones de escritura fuera de límites pueden permitir que archivos maliciosos sean leídos y ejecutados por el software afectado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation PMSoft. • http://www.securityfocus.com/bid/94887 https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5805 – Delta Industrial Automation ISPSoft dvl File Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-5805
An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. Ha sido descubierto un problema en Delta Electronics WPLSoft, versiones anteriores a V2.42.11, ISPSoft, versiones anteriores a 3.02.11 y PMSoft, versiones anteriores a 2,10.10. Existen múltiples instancias de desbordamientos de búfer basados en memoria dinámica que pueden permitir que los archivos maliciosos provoquen la ejecución de código arbitrario o una denegación de servicio. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. • http://www.securityfocus.com/bid/94887 https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •