Deltaww: >> Diaenergie >> 1.9.01.001 Security Vulnerabilities
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
CVSS Score
8.7
EPSS Score
0.057
Published
2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
CVSS Score
8.8
EPSS Score
0.022
Published
2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
CVSS Score
8.8
EPSS Score
0.018
Published
2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
CVSS Score
8.7
EPSS Score
0.043
Published
2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
CVSS Score
8.7
EPSS Score
0.043
Published
2022-10-27
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
CVSS Score
8.8
EPSS Score
0.03
Published
2022-10-27
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to
1.9.03.009
have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.
CVSS Score
9.8
EPSS Score
0.022
Published
2022-09-16
Page 3