Shodan
Vulnerabilities
Vulnerable Software
Deltaww:  >> Diaenergie  >> 1.9.0  Security Vulnerabilities
CVE-2022-43452
SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVSS Score
8.8
EPSS Score
0.014
Published
2022-11-17
CVE-2022-43457
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVSS Score
8.8
EPSS Score
0.001
Published
2022-11-17
CVE-2022-43506
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVSS Score
8.8
EPSS Score
0.001
Published
2022-11-17
CVE-2022-41775
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVSS Score
8.8
EPSS Score
0.001
Published
2022-11-17
CVE-2022-41651
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.
CVSS Score
8.7
EPSS Score
0.043
Published
2022-10-27
CVE-2022-41701
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.
CVSS Score
8.7
EPSS Score
0.057
Published
2022-10-27
CVE-2022-41702
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
CVSS Score
8.7
EPSS Score
0.057
Published
2022-10-27
CVE-2022-41773
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
CVSS Score
8.8
EPSS Score
0.022
Published
2022-10-27
CVE-2022-41133
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
CVSS Score
8.8
EPSS Score
0.017
Published
2022-10-27
CVE-2022-41555
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
CVSS Score
8.7
EPSS Score
0.043
Published
2022-10-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved