Filtered by vendor Deltaww
Subscribe
Search
Total
20 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33005 | 1 Deltaww | 1 Diaenergie | 2022-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | |||||
| CVE-2022-1331 | 1 Deltaww | 1 Dmars | 2022-05-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. | |||||
| CVE-2021-31558 | 1 Deltaww | 1 Diaenergie | 2021-12-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”. | |||||
| CVE-2021-44544 | 1 Deltaww | 1 Diaenergie | 2021-12-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. | |||||
| CVE-2021-23228 | 1 Deltaww | 1 Diaenergie | 2021-12-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. | |||||
| CVE-2021-44471 | 1 Deltaww | 1 Diaenergie | 2021-12-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | |||||
| CVE-2021-38418 | 1 Deltaww | 1 Dialink | 2021-11-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization. | |||||
| CVE-2021-38488 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38428 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38407 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38403 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38411 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-33003 | 1 Deltaww | 1 Diaenergie | 2021-09-03 | 2.1 LOW | 5.5 MEDIUM |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | |||||
| CVE-2021-32991 | 1 Deltaww | 1 Diaenergie | 2021-09-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. | |||||
| CVE-2021-27455 | 1 Deltaww | 1 Dopsoft | 2021-07-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. | |||||
| CVE-2020-6976 | 1 Deltaww | 1 Cncsoft Screeneditor | 2020-03-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation. | |||||
| CVE-2019-6547 | 1 Deltaww | 1 Screeneditor | 2019-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files. | |||||
| CVE-2019-10992 | 1 Deltaww | 1 Cnssoft Screeneditor | 2019-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files. | |||||
| CVE-2019-10949 | 1 Deltaww | 1 Cncsoft Screeneditor | 2019-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files. | |||||
| CVE-2018-14824 | 1 Deltaww | 1 Delta Industrial Automation Pmsoft | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. | |||||