CVE-2022-40965 – Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2022-40965
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43775
https://notcve.org/view.php?id=CVE-2022-43775
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. • https://www.tenable.com/security/research/tra-2022-33 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-43774
https://notcve.org/view.php?id=CVE-2022-43774
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. • https://www.tenable.com/security/research/tra-2022-33 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-3214 – Delta Electronics DIAEnergy Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2022-3214
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. The Spanish-language copy of this description states instead that versions 1.8.0 and earlier have this vulnerability. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03 • CWE-798: Use of Hard-coded Credentials
CVE-2022-33005
https://notcve.org/view.php?id=CVE-2022-33005
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. • https://github.com/ZhuoNiBa/Delta-DIAEnergie-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')