Every CVE whose affected-product data names Deltaww Diaenergie, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (82)
CVE-2022-26887 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx…
CVE-2024-4548 — CVSS 9.8 (critical): An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message…
CVE-2021-32955 — CVSS 9.8 (critical): Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.
CVE-2021-32967 — CVSS 9.8 (critical): Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or…
CVE-2021-32983 — CVSS 9.8 (critical): A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and…
CVE-2024-4547 — CVSS 9.8 (critical): A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message…
CVE-2024-43699 — CVSS 9.8 (critical): Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to…
CVE-2021-38390 — CVSS 9.8 (critical): A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version…
CVE-2021-38391 — CVSS 9.8 (critical): A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5…
CVE-2021-38393 — CVSS 9.8 (critical): A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version…
CVE-2022-43775 — CVSS 9.8 (critical): The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution…
CVE-2022-43774 — CVSS 9.8 (critical): The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code…
CVE-2022-0923 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in…
CVE-2022-3214 — CVSS 9.8 (critical): Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials…
CVE-2022-27175 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This…
CVE-2022-1366 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This…
CVE-2022-1367 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This…
CVE-2022-1369 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows…
CVE-2022-1370 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows…
CVE-2022-1371 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an…
CVE-2022-1372 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows…
CVE-2022-1374 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This…
CVE-2022-1375 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx…
CVE-2022-1376 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx…
CVE-2022-1377 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx…
CVE-2022-1378 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This…
CVE-2022-25347 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to…
CVE-2022-25880 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This…
CVE-2022-25980 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx…
CVE-2022-26013 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in…
CVE-2022-26059 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This…
CVE-2022-26065 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This…
CVE-2022-26069 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in…
CVE-2022-26338 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx…
CVE-2022-26349 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in…
CVE-2022-26514 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in…
CVE-2022-26666 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This…
CVE-2022-26667 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in…
CVE-2022-26836 — CVSS 9.8 (critical): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in…
CVE-2022-40967 — CVSS 8.8 (high): The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A…
CVE-2022-41133 — CVSS 8.8 (high): The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_setting…
CVE-2022-41773 — CVSS 8.8 (high): The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A…
CVE-2022-41775 — CVSS 8.8 (high): SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries…
CVE-2022-43447 — CVSS 8.8 (high): SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL…
CVE-2022-43452 — CVSS 8.8 (high): SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries…
CVE-2022-43457 — CVSS 8.8 (high): SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL…
CVE-2022-43506 — CVSS 8.8 (high): SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries…
CVE-2023-0822 — CVSS 8.8 (high): The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to…
CVE-2024-28029 — CVSS 8.8 (high): Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access…
CVE-2024-34031 — CVSS 8.8 (high): Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated…
CVE-2024-34032 — CVSS 8.8 (high): Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated…
CVE-2024-34033 — CVSS 8.8 (high): Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside…
CVE-2024-42417 — CVSS 8.8 (high): Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to…
CVE-2022-41651 — CVSS 8.7 (high): The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the…
CVE-2022-41555 — CVSS 8.7 (high): The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the…
CVE-2022-41702 — CVSS 8.7 (high): The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the…
CVE-2022-41701 — CVSS 8.7 (high): The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the…
CVE-2022-40965 — CVSS 8.7 (high): The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the…
CVE-2024-28171 — CVSS 8.1 (high): It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already…
CVE-2024-25567 — CVSS 8.1 (high): Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is…
CVE-2022-1098 — CVSS 7.8 (high): Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the…
CVE-2022-26839 — CVSS 7.8 (high): Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie…
CVE-2021-44471 — CVSS 7.5 (high): DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into…
CVE-2021-23228 — CVSS 7.5 (high): DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by…
CVE-2024-4549 — CVSS 7.5 (high): A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message…
CVE-2021-44544 — CVSS 7.5 (high): DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the…
CVE-2022-0988 — CVSS 7.1 (high): Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on…
CVE-2021-31558 — CVSS 6.5 (medium): DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into…
CVE-2022-33005 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows…
CVE-2021-33003 — CVSS 5.5 (medium): Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing…
CVE-2021-32991 — CVSS 4.3 (medium): Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a…