CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43774
https://notcve.org/view.php?id=CVE-2022-43774
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. La clase HandlerPageP_KID de Delta Electronics DIAEnergy versión v1.9, contiene un fallo de Inyección SQL que podría permitir a un atacante conseguir una ejecución de código en un sistema remoto • https://www.tenable.com/security/research/tra-2022-33 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43775
https://notcve.org/view.php?id=CVE-2022-43775
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. La clase HICT_Loop en Delta Electronics DIAEnergy versión v1.9, contiene un fallo de Inyección SQL que podría permitir a un atacante conseguir una ejecución de código en un sistema remoto • https://www.tenable.com/security/research/tra-2022-33 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3214 – Delta Electronics DIAEnergy Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2022-3214
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. DIAEnergy de Delta Industrial Automation, un sistema de gestión de energía industrial, es vulnerable a CWE-798, Uso de credenciales Embebidas. Las versiones 1.8.0 y anteriores presentan esta vulnerabilidad. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33005
https://notcve.org/view.php?id=CVE-2022-33005
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. Una vulnerabilidad de tipo cross-site scripting (XSS) en el módulo System Settings/IOT Settings de Delta Electronics DIAEnergie versión v1.08.00, permite a atacantes ejecutar scripts web arbitrarios por medio de una carga útil diseñada inyectada en el campo de texto Name • https://github.com/ZhuoNiBa/Delta-DIAEnergie-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1378
https://notcve.org/view.php?id=CVE-2022-1378
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics DIAEnergie (Todas las versiones anteriores a la 1.8.02.004) presenta una vulnerabilidad de inyección SQL ciega en el archivo DIAE_pgHandler.ashx. Esto permite a un atacante inyectar consultas SQL arbitrarias, recuperar y modificar el contenido de la base de datos y ejecutar comandos del sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •