Deltaww: >> Diaenergie >> 1.9.0 Security Vulnerabilities
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-10-26
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
CVSS Score
9.8
EPSS Score
0.069
Published
2022-10-26
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to
1.9.03.009
have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.
CVSS Score
9.8
EPSS Score
0.029
Published
2022-09-16
Page 3