Vulnerabilities
Vulnerable Software
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-03-21
A SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
CVSS Score
8.8
EPSS Score
0.012
Published
2024-03-21
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
CVSS Score
8.8
EPSS Score
0.0
Published
2023-02-17
SQL injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-11-17
SQL injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.
CVSS Score
8.8
EPSS Score
0.014
Published
2022-11-17
SQL injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-11-17
SQL injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-11-17
SQL injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-11-17
Delta Industrial Automation's DIAEnergie, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.
CVSS Score
9.8
EPSS Score
0.022
Published
2022-09-16

