CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40967 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-40967
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a una inyección SQL que existe en CheckIoTHubNameExisted. Un atacante autenticado con pocos privilegios podría aprovechar este problema para inyectar consultas SQL arbitrarias. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41555 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-41555
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a Stored Cross-Site Scripting a través de la API PutLineMessageSetting. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40965 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-40965
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a Stored Cross-Site Scripting a través de la API PostEnergyType. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3214 – Delta Electronics DIAEnergy Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2022-3214
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. DIAEnergy de Delta Industrial Automation, un sistema de gestión de energía industrial, es vulnerable a CWE-798, Uso de credenciales Embebidas. Las versiones 1.8.0 y anteriores presentan esta vulnerabilidad. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1378
https://notcve.org/view.php?id=CVE-2022-1378
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Delta Electronics DIAEnergie (Todas las versiones anteriores a la 1.8.02.004) presenta una vulnerabilidad de inyección SQL ciega en el archivo DIAE_pgHandler.ashx. Esto permite a un atacante inyectar consultas SQL arbitrarias, recuperar y modificar el contenido de la base de datos y ejecutar comandos del sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •