Recent CVEs
CVE-2024-42417
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause a delay in the targeted product.
CVE-2024-43699
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
CVE-2024-4549
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
CVE-2024-4548
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
CVE-2024-25574
An SQL injection vulnerability exists in GetDIAE_usListParameters.
CVE-2024-23494
An SQL injection vulnerability exists in GetDIAE_unListParameters.
CVE-2024-23975
An SQL injection vulnerability exists in GetDIAE_slogListParameters.
CVE-2024-28040
An SQL injection vulnerability exists in GetDIAE_astListParameters.
CVE-2024-28891
An SQL injection vulnerability exists in the script Handler_CFG.ashx.
CVE-2024-28029
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.