Page 4 of 49 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a una inyección SQL que existe en CheckIoTHubNameExisted. Un atacante autenticado con pocos privilegios podría aprovechar este problema para inyectar consultas SQL arbitrarias. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a Stored Cross-Site Scripting a través de la API PutLineMessageSetting. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. El producto afectado DIAEnergie (versiones anteriores a la v1.9.01.002) es vulnerable a Stored Cross-Site Scripting a través de la API PostEnergyType. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to  1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. DIAEnergy de Delta Industrial Automation, un sistema de gestión de energía industrial, es vulnerable a CWE-798, Uso de credenciales Embebidas. Las versiones 1.8.0 y anteriores presentan esta vulnerabilidad. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03 • CWE-798: Use of Hard-coded Credentials •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. Una vulnerabilidad de tipo cross-site scripting (XSS) en el módulo System Settings/IOT Settings de Delta Electronics DIAEnergie versión v1.08.00, permite a atacantes ejecutar scripts web arbitrarios por medio de una carga útil diseñada inyectada en el campo de texto Name • https://github.com/ZhuoNiBa/Delta-DIAEnergie-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •