Filtered by vendor Deltaww
Subscriptions
Total
212 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2660 | 1 Deltaww | 1 Dialink | 2023-11-07 | 7.5 High |
| Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. | ||||
| CVE-2018-14824 | 1 Deltaww | 1 Delta Industrial Automation Pmsoft | 2023-11-07 | N/A |
| Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. | ||||
| CVE-2022-41775 | 1 Deltaww | 1 Diaenergie | 2023-10-30 | 8.8 High |
| SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43447 | 1 Deltaww | 1 Diaenergie | 2023-10-30 | 8.8 High |
| SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2023-10-30 | 8.8 High |
| SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43452 | 1 Deltaww | 1 Diaenergie | 2023-10-27 | 8.8 High |
| SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2023-5068 | 1 Deltaww | 1 Diascreen | 2023-09-25 | 7.8 High |
| Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-25177 | 1 Deltaww | 1 Cncsoft-b | 2023-06-14 | 7.8 High |
| Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2023-24014 | 1 Deltaww | 1 Cncsoft-b | 2023-06-14 | 7.8 High |
| Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2019-13513 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2023-03-03 | 7.8 High |
| In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application. | ||||
| CVE-2019-13514 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2023-03-03 | 7.8 High |
| In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application. | ||||
| CVE-2023-0444 | 1 Deltaww | 1 Infrasuite Device Master | 2023-02-06 | 8.8 High |
| A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator. | ||||
| CVE-2022-42139 | 1 Deltaww | 2 Dvw-w02w2-e2, Dvw-w02w2-e2 Firmware | 2022-12-16 | 8.8 High |
| Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. | ||||
| CVE-2022-42141 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2022-12-16 | 5.4 Medium |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter. | ||||
| CVE-2022-42140 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2022-12-16 | 7.2 High |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. | ||||
| CVE-2022-2969 | 1 Deltaww | 1 Dialink | 2022-12-07 | 7.5 High |
| Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory. | ||||
| CVE-2019-6547 | 1 Deltaww | 1 Screeneditor | 2022-11-30 | 5.5 Medium |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files. | ||||
| CVE-2022-40965 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | 5.4 Medium |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | ||||
| CVE-2022-40967 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
| CVE-2022-41133 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||