Deltaww: >> Diaenergie >> 1.9.03.001 Security Vulnerabilities
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-03-21
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
CVSS Score
8.8
EPSS Score
0.012
Published
2024-03-21
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to
1.9.03.009
have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.
CVSS Score
9.8
EPSS Score
0.022
Published
2022-09-16
Page 2