Vulnerabilities
Vulnerable Software
Deltaww:  Security Vulnerabilities
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-02-03
A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-01-26
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-01-13
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions.
CVSS Score
7.2
EPSS Score
0.108
Published
2023-01-13
Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions.
CVSS Score
3.3
EPSS Score
0.001
Published
2022-12-16
Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL.
CVSS Score
8.8
EPSS Score
0.381
Published
2022-12-14
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-12-14
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-12-14
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-12-13
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.
CVSS Score
8.1
EPSS Score
0.001
Published
2022-12-01


Contact Us

Shodan ® - All rights reserved