Filtered by vendor Deltaww
Subscribe
Total
217 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1140 | 1 Deltaww | 1 Infrasuite Device Master | 2024-02-28 | N/A | 9.8 CRITICAL |
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | |||||
CVE-2023-34316 | 1 Deltaww | 1 Infrasuite Device Master | 2024-02-28 | N/A | 7.5 HIGH |
?An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. | |||||
CVE-2023-1138 | 1 Deltaww | 1 Infrasuite Device Master | 2024-02-28 | N/A | 7.5 HIGH |
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. | |||||
CVE-2023-1133 | 1 Deltaww | 1 Infrasuite Device Master | 2024-02-28 | N/A | 9.8 CRITICAL |
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code. | |||||
CVE-2023-1145 | 1 Deltaww | 1 Infrasuite Device Master | 2024-02-28 | N/A | 7.8 HIGH |
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | |||||
CVE-2023-1137 | 1 Deltaww | 1 Infrasuite Device Master | 2024-02-28 | N/A | 8.8 HIGH |
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | |||||
CVE-2023-34347 | 1 Deltaww | 1 Infrasuite Device Master | 2024-02-28 | N/A | 9.8 CRITICAL |
?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. | |||||
CVE-2023-0822 | 1 Deltaww | 1 Diaenergie | 2024-02-28 | N/A | 8.8 HIGH |
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | |||||
CVE-2022-2966 | 1 Deltaww | 1 Dopsoft | 2024-02-28 | N/A | 7.5 HIGH |
Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions. | |||||
CVE-2022-2969 | 1 Deltaww | 1 Dialink | 2024-02-28 | N/A | 7.5 HIGH |
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory. | |||||
CVE-2022-42139 | 1 Deltaww | 2 Dvw-w02w2-e2, Dvw-w02w2-e2 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. | |||||
CVE-2022-41775 | 1 Deltaww | 1 Diaenergie | 2024-02-28 | N/A | 8.8 HIGH |
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
CVE-2023-0123 | 1 Deltaww | 1 Dopsoft | 2024-02-28 | N/A | 7.8 HIGH |
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | |||||
CVE-2022-4634 | 1 Deltaww | 2 Cncsoft, Screeneditor | 2024-02-28 | N/A | 7.8 HIGH |
All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. | |||||
CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2024-02-28 | N/A | 8.8 HIGH |
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
CVE-2022-43447 | 1 Deltaww | 1 Diaenergie | 2024-02-28 | N/A | 8.8 HIGH |
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
CVE-2022-4616 | 1 Deltaww | 2 Dx-3021l9, Dx-3021l9 Firmware | 2024-02-28 | N/A | 9.1 CRITICAL |
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions. | |||||
CVE-2023-0251 | 1 Deltaww | 1 Diascreen | 2024-02-28 | N/A | 7.8 HIGH |
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code. | |||||
CVE-2022-2660 | 1 Deltaww | 1 Dialink | 2024-02-28 | N/A | 7.5 HIGH |
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. | |||||
CVE-2023-0249 | 1 Deltaww | 1 Diascreen | 2024-02-28 | N/A | 7.8 HIGH |
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. |