Diaenergie
Approved changes feed: RSS · Atom
cpe:2.3:a:delta_electronics:diaenergie:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Delta Electronics (602ce746-0540-56a8-8888-ddeb939a1a97) |
|---|---|
| Product | Diaenergie (f6ad6001-a986-5c01-8cd7-a1d57aeae23e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-57703 |
vulnerable | 2026-06-03 15:04:59.891797 |
Reflected Cross-site Scripting in DIAEnergie
DIAEnergie - Reflected Cross-site Scripting
Published: 2025-08-18T06:42:48.812Z
Updated: 2025-08-19T00:17:52.143Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57702 |
vulnerable | 2026-06-03 15:04:59.891475 |
Reflected Cross-site Scripting in DIAEnergie
DIAEnergie - Reflected Cross-site Scripting
Published: 2025-08-18T06:42:24.921Z
Updated: 2025-08-19T00:17:38.206Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57701 |
vulnerable | 2026-06-03 15:04:59.891109 |
Reflected Cross-site Scripting in DIAEnergie
DIAEnergie - Reflected Cross-site Scripting
Published: 2025-08-18T06:41:55.539Z
Updated: 2025-08-19T00:17:16.498Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57700 |
vulnerable | 2026-06-03 15:04:59.889900 |
Stored Cross-site Scripting in DIAEnergie
DIAEnergie - Stored Cross-site Scripting
Published: 2025-08-18T06:28:55.514Z
Updated: 2025-08-19T00:16:18.111Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4549 |
vulnerable | 2026-06-03 14:57:15.730429 |
Delta Electronics DIAEnergie SQL Injection
HIGH (7.5)
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
Published: 2024-05-06T13:54:32.808Z
Updated: 2024-08-01T20:47:41.185Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4548 |
vulnerable | 2026-06-03 14:57:15.729925 |
Delta Electronics DIAEnergie SQL Injection
CRITICAL (9.8)
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
Published: 2024-05-06T13:51:07.049Z
Updated: 2024-08-01T20:47:40.056Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4547 |
vulnerable | 2026-06-03 14:57:15.728920 |
Delta Electronics DIAEnergie Unauthenticated SQL Injection
CRITICAL (9.8)
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field
Published: 2024-05-06T13:48:08.737Z
Updated: 2024-08-01T20:47:40.554Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43699 |
vulnerable | 2026-06-03 14:56:46.772176 |
Delta Electronics DIAEnergie SQL Injection
CRITICAL (9.8)
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
Published: 2024-10-03T22:28:35.364Z
Updated: 2024-10-04T14:15:27.750Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42417 |
vulnerable | 2026-06-03 14:56:36.347576 |
Delta Electronics DIAEnergie SQL Injection
HIGH (8.8)
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.
Published: 2024-10-03T22:32:59.999Z
Updated: 2024-10-04T14:14:32.287Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34033 |
vulnerable | 2026-06-03 14:55:53.388592 |
Path Traversal vulnerability in Delta Electronics DIAEnergie
HIGH (8.8)
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
Published: 2024-05-03T00:20:03.319Z
Updated: 2024-08-12T20:08:16.443Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34032 |
vulnerable | 2026-06-03 14:55:53.388115 |
SQL Injection in Delta Electronics DIAEnergie
HIGH (8.8)
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
Published: 2024-05-03T00:16:40.017Z
Updated: 2024-08-12T20:08:42.943Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34031 |
vulnerable | 2026-06-03 14:55:53.386789 |
SQL Injection vulnerability in Delta Electronics DIAEnergie
HIGH (8.8)
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
Published: 2024-05-03T00:18:13.497Z
Updated: 2024-08-12T20:09:18.872Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28891 |
vulnerable | 2026-06-03 14:55:26.135464 |
Delta Electronics DIAEnergie SQL injection
HIGH (8.8)
SQL injection vulnerability exists in the script Handler_CFG.ashx.
Published: 2024-03-21T22:07:18.175Z
Updated: 2024-08-12T20:09:47.869Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28171 |
vulnerable | 2026-06-03 14:55:25.255417 |
Delta Electronics DIAEnergie Path traversal
HIGH (8.1)
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
Published: 2024-03-21T22:19:36.480Z
Updated: 2024-08-28T14:18:49.656Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28045 |
vulnerable | 2026-06-03 14:55:24.945955 |
Delta Electronics DIAEnergie Cross-site scripting
MEDIUM (4.6)
Improper neutralization of input within the affected product could lead to cross-site scripting.
Published: 2024-03-21T22:24:12.286Z
Updated: 2024-08-02T00:48:47.822Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28040 |
vulnerable | 2026-06-03 14:55:24.938950 |
Delta Electronics DIAEnergie SQL injection
HIGH (8.8)
SQL injection vulnerability exists in GetDIAE_astListParameters.
Published: 2024-03-21T22:13:40.119Z
Updated: 2024-08-12T20:14:25.821Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28029 |
vulnerable | 2026-06-03 14:55:24.919765 |
Client-Side Enforcement of Server-Side Security in Delta Electronics DIAEnergie
HIGH (8.8)
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
Published: 2024-03-21T22:04:57.512Z
Updated: 2024-10-17T18:45:56.861Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25937 |
vulnerable | 2026-06-03 14:55:14.298967 |
Delta Electronics DIAEnergie SQL injection
HIGH (8.8)
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
Published: 2024-03-21T22:09:33.976Z
Updated: 2024-08-14T15:43:50.463Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25574 |
vulnerable | 2026-06-03 14:55:13.701185 |
Delta Electronics DIAEnergie SQL Injection
HIGH (8.8)
SQL injection vulnerability exists in GetDIAE_usListParameters.
Published: 2024-04-01T16:04:46.800Z
Updated: 2024-08-01T23:44:09.659Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25567 |
vulnerable | 2026-06-03 14:55:13.685514 |
Delta Electronics DIAEnergie Path traversal
HIGH (8.1)
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.
Published: 2024-03-21T22:22:17.780Z
Updated: 2024-08-01T23:44:09.621Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23975 |
vulnerable | 2026-06-03 14:55:05.009821 |
Delta Electronics DIAEnergie SQL injection
HIGH (8.8)
SQL injection vulnerability exists in GetDIAE_slogListParameters.
Published: 2024-03-21T22:15:33.833Z
Updated: 2024-08-12T20:27:50.352Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23494 |
vulnerable | 2026-06-03 14:55:03.967916 |
Delta Electronics DIAEnergie SQL injection
HIGH (8.8)
SQL injection vulnerability exists in GetDIAE_unListParameters.
Published: 2024-03-21T22:16:52.975Z
Updated: 2024-08-12T20:08:11.574Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0822 |
vulnerable | 2026-06-03 14:48:52.925275 |
Improper Authorization
HIGH (8.8)
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
Published: 2023-02-17T16:46:21.643Z
Updated: 2025-01-16T21:56:07.791Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-43506 |
vulnerable | 2026-06-03 14:48:15.359521 |
Delta Electronics DIAEnergie SQL Injection
HIGH (8.8)
SQL Injection in
HandlerTag_KID.ashx
in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
Published: 2022-11-17T22:45:55.514Z
Updated: 2025-04-16T17:42:35.524Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-43457 |
vulnerable | 2026-06-03 14:48:14.238207 |
Delta Electronics DIAEnergie SQL Injection
HIGH (8.8)
SQL Injection in
HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
Published: 2022-11-17T22:45:54.782Z
Updated: 2024-10-15T18:34:46.178Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-43452 |
vulnerable | 2026-06-03 14:48:14.224646 |
Delta Electronics DIAEnergie SQL Injection
HIGH (8.8)
SQL Injection in
FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
Published: 2022-11-17T22:45:55.011Z
Updated: 2025-04-16T17:42:54.049Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-43447 |
vulnerable | 2026-06-03 14:48:14.216281 |
Delta Electronics DIAEnergie SQL Injection
HIGH (8.8)
SQL Injection in
AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
Published: 2022-11-17T22:45:54.530Z
Updated: 2025-04-16T17:43:04.159Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41775 |
vulnerable | 2026-06-03 14:48:05.973558 |
Delta Electronics DIAEnergie SQL Injection
HIGH (8.8)
SQL Injection in
Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
Published: 2022-11-17T22:45:55.264Z
Updated: 2025-04-16T17:42:46.800Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41773 |
vulnerable | 2026-06-03 14:48:05.973181 |
Delta Electronics DIAEnergie
HIGH (8.8)
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
Published: 2022-10-27T20:15:38.645Z
Updated: 2025-04-16T17:45:10.058Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41702 |
vulnerable | 2026-06-03 14:48:05.838827 |
Delta Electronics DIAEnergie
HIGH (8.7)
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
Published: 2022-10-27T20:15:39.344Z
Updated: 2025-04-16T17:44:33.826Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41701 |
vulnerable | 2026-06-03 14:48:05.838364 |
Delta Electronics DIAEnergie
HIGH (8.7)
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.
Published: 2022-10-27T20:15:38.365Z
Updated: 2025-04-16T17:45:23.534Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41651 |
vulnerable | 2026-06-03 14:48:05.701360 |
Delta Electronics DIAEnergie
HIGH (8.7)
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.
Published: 2022-10-27T20:15:39.114Z
Updated: 2025-04-16T17:44:44.667Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41555 |
vulnerable | 2026-06-03 14:48:05.507820 |
Delta Electronics DIAEnergie
HIGH (8.7)
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
Published: 2022-10-27T20:15:37.817Z
Updated: 2025-04-16T17:45:48.514Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41133 |
vulnerable | 2026-06-03 14:48:05.014052 |
Delta Electronics DIAEnergie
HIGH (8.8)
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
Published: 2022-10-27T20:15:38.873Z
Updated: 2025-04-16T17:44:56.844Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-40967 |
vulnerable | 2026-06-03 14:48:03.838132 |
Delta Electronics DIAEnergie
HIGH (8.8)
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
Published: 2022-10-27T20:15:38.073Z
Updated: 2025-04-16T17:45:38.090Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-40965 |
vulnerable | 2026-06-03 14:48:03.754444 |
Delta Electronics DIAEnergie
HIGH (8.7)
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
Published: 2022-10-27T20:15:37.542Z
Updated: 2025-04-16T17:45:59.099Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27175 |
vulnerable | 2026-06-03 14:46:45.614664 |
Delta Electronics DIAEnergie SQL Injection in GetCalcTagList
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:15.390Z
Updated: 2025-04-16T16:35:06.259Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26887 |
vulnerable | 2026-06-03 14:46:45.136462 |
Delta Electronics DIAEnergie SQL Injection in DIAE_HandlerTag_KID.ashx
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:10.562Z
Updated: 2025-04-16T16:35:54.819Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26839 |
vulnerable | 2026-06-03 14:46:44.305306 |
Delta Electronics DIAEnergie Incorrect Default Permissions
HIGH (7.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.
Published: 2022-03-29T16:37:14.522Z
Updated: 2025-04-16T17:58:28.610Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26836 |
vulnerable | 2026-06-03 14:46:44.130258 |
Delta Electronics DIAEnergie SQL Injection in HandlerExport.ashx/Calendar.ashx
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:09.752Z
Updated: 2025-04-16T16:36:05.108Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26667 |
vulnerable | 2026-06-03 14:46:43.697280 |
Delta Electronics DIAEnergie SQL Injection in GetDemandAnalysisData
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:13.735Z
Updated: 2025-04-16T16:35:14.982Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26666 |
vulnerable | 2026-06-03 14:46:43.696772 |
Delta Electronics DIAEnergie SQL Injection in HandlerDialogECC.ashx
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:11.423Z
Updated: 2025-04-16T16:35:44.682Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26514 |
vulnerable | 2026-06-03 14:46:43.307070 |
Delta Electronics DIAEnergie SQL Injection in DIAE_tagHandler.ashx
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:12.212Z
Updated: 2025-04-16T16:35:33.945Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26349 |
vulnerable | 2026-06-03 14:46:42.383341 |
Delta Electronics DIAEnergie SQL Injection in DIAE_eccoefficientHandler.ashx
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:08.970Z
Updated: 2025-04-16T16:36:15.877Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26338 |
vulnerable | 2026-06-03 14:46:42.112916 |
Delta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:12.974Z
Updated: 2025-04-16T16:35:25.209Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26069 |
vulnerable | 2026-06-03 14:46:41.381561 |
Delta Electronics DIAEnergie SQL Injection in HandlerPage_KID.ashx
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:05.023Z
Updated: 2025-04-16T16:37:06.445Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26065 |
vulnerable | 2026-06-03 14:46:41.377545 |
Delta Electronics DIAEnergie SQL Injection in GetLatestDemandNode and GetDemandAnalysisData
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:08.222Z
Updated: 2025-04-16T16:36:24.327Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26059 |
vulnerable | 2026-06-03 14:46:41.373773 |
Delta Electronics DIAEnergie SQL Injection in GetQueryData
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:01.122Z
Updated: 2025-04-16T16:37:44.852Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26013 |
vulnerable | 2026-06-03 14:46:41.134934 |
Delta Electronics DIAEnergie SQL Injection in DIAE_dmdsetHandler.ashx
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:07.369Z
Updated: 2025-04-16T16:36:34.814Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25980 |
vulnerable | 2026-06-03 14:46:40.979569 |
Delta Electronics DIAEnergie SQL Injection in HandlerCommon.ashx
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:03.370Z
Updated: 2025-04-16T16:37:32.829Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25880 |
vulnerable | 2026-06-03 14:46:40.778487 |
Delta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:06.548Z
Updated: 2025-04-16T16:36:44.618Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25347 |
vulnerable | 2026-06-03 14:46:37.583851 |
Delta Electronics DIAEnergie Path Traversal
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.
Published: 2022-03-29T16:37:04.204Z
Updated: 2025-04-16T16:37:18.369Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1378 |
vulnerable | 2026-06-03 14:45:58.631442 |
Details available
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-05-02T18:12:12.000Z
Updated: 2025-04-16T16:25:55.979Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1377 |
vulnerable | 2026-06-03 14:45:58.630996 |
Details available
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-05-02T18:11:25.000Z
Updated: 2025-04-16T16:26:05.775Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1376 |
vulnerable | 2026-06-03 14:45:58.630552 |
Details available
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-05-02T18:10:38.000Z
Updated: 2025-04-16T16:26:16.352Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1375 |
vulnerable | 2026-06-03 14:45:58.630083 |
Details available
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-05-02T18:09:44.000Z
Updated: 2025-04-16T16:26:26.442Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1374 |
vulnerable | 2026-06-03 14:45:58.629628 |
Details available
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-05-02T18:08:51.000Z
Updated: 2025-04-16T16:26:36.122Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1372 |
vulnerable | 2026-06-03 14:45:58.628548 |
Details available
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-05-02T18:08:06.000Z
Updated: 2025-04-16T16:26:50.233Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1371 |
vulnerable | 2026-06-03 14:45:58.628195 |
Details available
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-05-02T18:06:30.000Z
Updated: 2025-04-16T16:26:57.363Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1370 |
vulnerable | 2026-06-03 14:45:58.627823 |
Details available
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-05-02T18:05:34.000Z
Updated: 2025-04-16T16:27:05.976Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1369 |
vulnerable | 2026-06-03 14:45:58.627442 |
Details available
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-05-02T18:03:59.000Z
Updated: 2025-04-16T16:27:13.375Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1367 |
vulnerable | 2026-06-03 14:45:58.622802 |
Details available
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-05-02T18:02:31.000Z
Updated: 2025-04-16T16:27:21.544Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1366 |
vulnerable | 2026-06-03 14:45:58.622417 |
Details available
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-05-02T18:01:09.000Z
Updated: 2025-04-16T16:27:29.008Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0988 |
vulnerable | 2026-06-03 14:45:57.516805 |
Delta Electronics DIAEnergie CLEARTEXT Transmission of Sensitive Information
HIGH (7.1)
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.
Published: 2022-03-25T18:02:30.522Z
Updated: 2025-04-16T16:38:11.591Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0923 |
vulnerable | 2026-06-03 14:45:57.415258 |
Delta Electronics DIAEnergie SQL Injection in HandlerDialog_KID.ashx
CRITICAL (9.8)
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Published: 2022-03-29T16:37:05.764Z
Updated: 2025-04-16T16:36:54.593Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44544 |
vulnerable | 2026-06-03 14:45:36.576829 |
Delta Electronics DIAEnergie (Update A)
HIGH (7.5)
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.
Published: 2021-12-22T18:06:50.589Z
Updated: 2024-09-17T01:41:11.354Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44471 |
vulnerable | 2026-06-03 14:45:36.222492 |
Delta Electronics DIAEnergie (Update A)
HIGH (7.5)
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.
Published: 2021-12-22T18:06:49.880Z
Updated: 2024-09-16T23:26:35.646Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31558 |
vulnerable | 2026-06-03 14:44:33.289412 |
Delta Electronics DIAEnergie (Update A)
MEDIUM (6.5)
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.
Published: 2021-12-22T18:06:51.363Z
Updated: 2024-09-16T18:40:05.583Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-23228 |
vulnerable | 2026-06-03 14:43:54.922865 |
Delta Electronics DIAEnergie (Update A)
HIGH (7.5)
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.
Published: 2021-12-22T18:06:52.089Z
Updated: 2024-09-17T02:36:27.721Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.