CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40967 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-40967
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a una inyección SQL que existe en CheckIoTHubNameExisted. Un atacante autenticado con pocos privilegios podría aprovechar este problema para inyectar consultas SQL arbitrarias. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41555 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-41555
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a Stored Cross-Site Scripting a través de la API PutLineMessageSetting. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40965 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-40965
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a Stored Cross-Site Scripting a través de la API PostEnergyType. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43775
https://notcve.org/view.php?id=CVE-2022-43775
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. La clase HICT_Loop en Delta Electronics DIAEnergy versión v1.9, contiene un fallo de Inyección SQL que podría permitir a un atacante conseguir una ejecución de código en un sistema remoto • https://www.tenable.com/security/research/tra-2022-33 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43774
https://notcve.org/view.php?id=CVE-2022-43774
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. La clase HandlerPageP_KID de Delta Electronics DIAEnergy versión v1.9, contiene un fallo de Inyección SQL que podría permitir a un atacante conseguir una ejecución de código en un sistema remoto • https://www.tenable.com/security/research/tra-2022-33 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •