Skip to main content

Diaenergie

82 CVEs product

Monthly

CVE-2025-57703 MEDIUM This Month

DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Diaenergie
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-57702 MEDIUM This Month

DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Diaenergie
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-57701 MEDIUM This Month

DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Diaenergie
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-57700 HIGH This Month

DIAEnergie - Stored Cross-site Scripting. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2024-43699 CRITICAL Act Now

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-42417 HIGH This Week

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 4.0
8.7
EPSS
6.8%
CVE-2024-4549 HIGH POC This Week

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Diaenergie
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-4548 CRITICAL POC THREAT Emergency

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Diaenergie
NVD
CVSS 3.1
9.8
EPSS
29.4%
CVE-2024-4547 CRITICAL POC Act Now

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-34033 HIGH This Week

Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-34032 HIGH This Week

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
8.7%
CVE-2024-34031 HIGH This Week

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-25574 CRITICAL Act Now

SQL injection vulnerability exists in GetDIAE_usListParameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
8.8%
CVE-2024-28171 HIGH This Week

It is possible to perform a path traversal attack and write outside of the intended directory. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-28045 MEDIUM This Month

Improper neutralization of input within the affected product could lead to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28040 HIGH This Week

SQL injection vulnerability exists in GetDIAE_astListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2024-25567 HIGH This Week

Path traversal attack is possible and write outside of the intended directory and may access sensitive information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-23975 HIGH This Week

SQL injection vulnerability exists in GetDIAE_slogListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2024-23494 HIGH This Week

SQL injection vulnerability exists in GetDIAE_unListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2024-28891 HIGH This Week

SQL injection vulnerability exists in the script Handler_CFG.ashx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2024-28029 HIGH This Week

Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25937 HIGH This Week

SQL injection vulnerability exists in the script DIAE_tagHandler.ashx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2023-0822 HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-43506 HIGH This Week

SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-43457 HIGH This Week

SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-43452 HIGH This Week

SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
7.7%
CVE-2022-43447 HIGH This Week

SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-41775 HIGH This Week

SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-41773 HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
7.9%
CVE-2022-41702 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-41701 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-41651 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-41555 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-41133 HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
26.6%
CVE-2022-40967 HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
7.7%
CVE-2022-40965 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-43775 CRITICAL Act Now

The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
20.6%
CVE-2022-43774 CRITICAL Act Now

The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3214 CRITICAL Act Now

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-33005 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Diaenergie
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-1378 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
19.4%
CVE-2022-1377 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1376 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1375 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1374 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1372 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1371 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1370 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1369 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1367 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
20.8%
CVE-2022-1366 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
19.4%
CVE-2022-1098 HIGH This Week

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Diaenergie
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27175 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26887 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
9.5%
CVE-2022-26839 HIGH This Week

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Diaenergie
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-26836 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26667 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26666 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26514 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26349 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26338 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26069 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26065 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26059 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26013 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
8.9%
CVE-2022-25980 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25880 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25347 HIGH This Week

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
CVSS 3.1
7.5
EPSS
11.1%
CVE-2022-0923 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-0988 HIGH PATCH This Week

Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Diaenergie
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-44544 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
9.5%
CVE-2021-44471 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-31558 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
10.6%
CVE-2021-23228 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-38393 CRITICAL Act Now

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Diaenergie
NVD
CVSS 3.1
9.8
EPSS
19.9%
CVE-2021-38391 CRITICAL Act Now

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Diaenergie
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-38390 CRITICAL Act Now

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Diaenergie
NVD
CVSS 3.1
9.8
EPSS
19.8%
CVE-2021-33003 MEDIUM This Month

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Diaenergie
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-32991 MEDIUM This Month

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Diaenergie
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-32983 CRITICAL Act Now

A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Diaenergie
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2021-32967 CRITICAL Act Now

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-32955 CRITICAL Act Now

Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Diaenergie
NVD
CVSS 3.1
9.8
EPSS
37.3%
EPSS 0% CVSS 5.9
MEDIUM This Month

DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Diaenergie
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Diaenergie
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Diaenergie
NVD
EPSS 0% CVSS 7.0
HIGH This Month

DIAEnergie - Stored Cross-site Scripting. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 7% CVSS 8.7
HIGH This Week

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Diaenergie
NVD
EPSS 29% CVSS 9.8
CRITICAL POC THREAT Emergency

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Diaenergie
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Diaenergie
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
EPSS 9% CVSS 8.8
HIGH This Week

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

SQL injection vulnerability exists in GetDIAE_usListParameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 8.1
HIGH This Week

It is possible to perform a path traversal attack and write outside of the intended directory. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper neutralization of input within the affected product could lead to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
EPSS 8% CVSS 8.8
HIGH This Week

SQL injection vulnerability exists in GetDIAE_astListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Path traversal attack is possible and write outside of the intended directory and may access sensitive information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
EPSS 8% CVSS 8.8
HIGH This Week

SQL injection vulnerability exists in GetDIAE_slogListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 8% CVSS 8.8
HIGH This Week

SQL injection vulnerability exists in GetDIAE_unListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 8% CVSS 8.8
HIGH This Week

SQL injection vulnerability exists in the script Handler_CFG.ashx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Diaenergie
NVD
EPSS 8% CVSS 8.8
HIGH This Week

SQL injection vulnerability exists in the script DIAE_tagHandler.ashx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Diaenergie
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 8% CVSS 8.8
HIGH This Week

SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 8% CVSS 8.8
HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 11% CVSS 5.4
MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
EPSS 11% CVSS 5.4
MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
EPSS 11% CVSS 5.4
MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
EPSS 11% CVSS 5.4
MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
EPSS 27% CVSS 8.8
HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 8% CVSS 8.8
HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 11% CVSS 5.4
MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
EPSS 21% CVSS 9.8
CRITICAL Act Now

The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Diaenergie
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Diaenergie
NVD GitHub
EPSS 19% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 21% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 19% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 10% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 11% CVSS 7.5
HIGH This Week

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Diaenergie
NVD
EPSS 9% CVSS 6.1
MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
EPSS 11% CVSS 6.1
MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
EPSS 20% CVSS 9.8
CRITICAL Act Now

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Diaenergie
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Diaenergie
NVD
EPSS 20% CVSS 9.8
CRITICAL Act Now

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Diaenergie
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Diaenergie
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Diaenergie
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Diaenergie
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Diaenergie
NVD
EPSS 37% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Diaenergie
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy