ReportizFlow
Filtered by vendor Deltaww
Subscriptions
Total
229 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1137 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 6.5 Medium |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | ||||
| CVE-2023-1136 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 9.8 Critical |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. | ||||
| CVE-2023-1135 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 7.8 High |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. | ||||
| CVE-2023-1134 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 7.1 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. | ||||
| CVE-2023-1133 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 9.8 Critical |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code. | ||||
| CVE-2023-0822 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | ||||
| CVE-2023-0444 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator. | ||||
| CVE-2023-0432 | 1 Deltaww | 2 Dx-2100l1-cn, Dx-2100l1-cn Firmware | 2024-11-21 | 9.0 Critical |
| The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the device could be fully compromised. | ||||
| CVE-2023-0251 | 1 Deltaww | 1 Diascreen | 2024-11-21 | 7.8 High |
| Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2023-0250 | 1 Deltaww | 1 Diascreen | 2024-11-21 | 7.8 High |
| Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2023-0249 | 1 Deltaww | 1 Diascreen | 2024-11-21 | 7.8 High |
| Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2023-0124 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 7.8 High |
| Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | ||||
| CVE-2023-0123 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 7.8 High |
| Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | ||||
| CVE-2022-4634 | 1 Deltaww | 2 Cncsoft, Screeneditor | 2024-11-21 | 7.8 High |
| All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2022-4616 | 1 Deltaww | 2 Dx-3021l9, Dx-3021l9 Firmware | 2024-11-21 | 7.2 High |
| The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions. | ||||
| CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | ||||
| CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | ||||
| CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43452 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||