Deltaww: Security Vulnerabilities
A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator.
CVSS Score
8.8
EPSS Score
0.01
Published
2023-01-26
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.
CVSS Score
9.8
EPSS Score
0.01
Published
2023-01-13
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to
command injection through the network diagnosis page. This vulnerability
could allow a remote unauthenticated user to add files, delete files,
and change file permissions.
CVSS Score
7.2
EPSS Score
0.048
Published
2023-01-13
Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions.
CVSS Score
3.3
EPSS Score
0.004
Published
2022-12-16
Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL.
CVSS Score
8.8
EPSS Score
0.182
Published
2022-12-14
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose.
CVSS Score
7.2
EPSS Score
0.024
Published
2022-12-14
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-12-14
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-12-13
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.
CVSS Score
8.1
EPSS Score
0.023
Published
2022-12-01
SQL Injection in
AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVSS Score
8.8
EPSS Score
0.006
Published
2022-11-17