Filtered by vendor Deltaww
Subscribe
Total
253 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6547 | 1 Deltaww | 1 Screeneditor | 2022-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files. | |||||
| CVE-2022-40965 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | |||||
| CVE-2022-40967 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
| CVE-2022-41555 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | |||||
| CVE-2022-41133 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
| CVE-2022-41651 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | |||||
| CVE-2022-41701 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | |||||
| CVE-2022-41702 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | |||||
| CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
| CVE-2020-16223 | 1 Deltaww | 1 Tpeditor | 2022-09-30 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
| CVE-2020-16219 | 1 Deltaww | 1 Tpeditor | 2022-09-30 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
| CVE-2020-16221 | 1 Deltaww | 1 Tpeditor | 2022-09-30 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
| CVE-2020-16225 | 1 Deltaww | 1 Tpeditor | 2022-09-30 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
| CVE-2022-1404 | 1 Deltaww | 1 Cncsoft | 2022-09-07 | N/A | 7.1 HIGH |
| Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | |||||
| CVE-2022-1405 | 1 Deltaww | 1 Cncsoft | 2022-09-05 | N/A | 7.8 HIGH |
| CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. | |||||
| CVE-2022-2759 | 1 Deltaww | 1 Delta Robot Automation Studio | 2022-09-02 | N/A | 8.6 HIGH |
| Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host. | |||||
| CVE-2022-33005 | 1 Deltaww | 1 Diaenergie | 2022-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | |||||
| CVE-2021-32967 | 1 Deltaww | 1 Diaenergie | 2022-07-02 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | |||||
| CVE-2022-26338 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-26887 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||