Shodan
Vulnerabilities
Vulnerable Software
Deltaww:  Security Vulnerabilities
CVE-2021-38402
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.02
Published
2021-09-17
CVE-2021-38404
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.007
Published
2021-09-17
CVE-2021-38406
Known exploited
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.822
Published
2021-09-17
CVE-2021-32955
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-08-30
CVE-2021-32967
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-08-30
CVE-2021-32983
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
CVSS Score
9.8
EPSS Score
0.02
Published
2021-08-30
CVE-2021-32991
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-08-30
CVE-2021-33003
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-08-30
CVE-2021-33007
A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.005
Published
2021-08-30
CVE-2021-33019
A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.004
Published
2021-08-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved