CVE-2022-41702 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-41702
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a Stored Cross-Site Scripting a través de la API InsertReg. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-41651 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-41651
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a Stored Cross-Site Scripting a través de la API SetPF. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-41133 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-41133
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a una inyección SQL que existe en GetDIAE_line_message_settingsListParameters. Un atacante autenticado con pocos privilegios podría aprovechar este problema para inyectar consultas SQL arbitrarias. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-41773 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-41773
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a una inyección SQL existente en CheckDIACloud. Un atacante autenticado con pocos privilegios podría aprovechar este problema para inyectar consultas SQL arbitrarias. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-41701 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-41701
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a Stored Cross-Site Scripting a través de la API PutShift. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •