Diaenergie

DIAEnergie - Reflected Cross-site Scripting

Published: 2025-08-18T06:42:48.812Z
Updated: 2025-08-19T00:17:52.143Z

DIAEnergie - Reflected Cross-site Scripting

Published: 2025-08-18T06:42:24.921Z
Updated: 2025-08-19T00:17:38.206Z

DIAEnergie - Reflected Cross-site Scripting

Published: 2025-08-18T06:41:55.539Z
Updated: 2025-08-19T00:17:16.498Z

DIAEnergie - Stored Cross-site Scripting

Published: 2025-08-18T06:28:55.514Z
Updated: 2025-08-19T00:16:18.111Z

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.

Published: 2024-05-06T13:54:32.808Z
Updated: 2024-08-01T20:47:41.185Z

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.

Published: 2024-05-06T13:51:07.049Z
Updated: 2024-08-01T20:47:40.056Z

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field

Published: 2024-05-06T13:48:08.737Z
Updated: 2024-08-01T20:47:40.554Z

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.

Published: 2024-10-03T22:28:35.364Z
Updated: 2024-10-04T14:15:27.750Z

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.

Published: 2024-10-03T22:32:59.999Z
Updated: 2024-10-04T14:14:32.287Z

SQL injection vulnerability exists in the script Handler_CFG.ashx.

Published: 2024-03-21T22:07:18.175Z
Updated: 2024-08-12T20:09:47.869Z

It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.

Published: 2024-03-21T22:19:36.480Z
Updated: 2024-08-28T14:18:49.656Z

Improper neutralization of input within the affected product could lead to cross-site scripting.

Published: 2024-03-21T22:24:12.286Z
Updated: 2024-08-02T00:48:47.822Z

SQL injection vulnerability exists in GetDIAE_astListParameters.

Published: 2024-03-21T22:13:40.119Z
Updated: 2024-08-12T20:14:25.821Z

Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.

Published: 2024-03-21T22:04:57.512Z
Updated: 2024-10-17T18:45:56.861Z

SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.

Published: 2024-03-21T22:09:33.976Z
Updated: 2024-08-14T15:43:50.463Z

SQL injection vulnerability exists in GetDIAE_usListParameters.

Published: 2024-04-01T16:04:46.800Z
Updated: 2024-08-01T23:44:09.659Z

Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.

Published: 2024-03-21T22:22:17.780Z
Updated: 2024-08-01T23:44:09.621Z

SQL injection vulnerability exists in GetDIAE_slogListParameters.

Published: 2024-03-21T22:15:33.833Z
Updated: 2024-08-12T20:27:50.352Z

SQL injection vulnerability exists in GetDIAE_unListParameters.

Published: 2024-03-21T22:16:52.975Z
Updated: 2024-08-12T20:08:11.574Z

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.

Published: 2023-02-17T16:46:21.643Z
Updated: 2025-01-16T21:56:07.791Z

SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

Published: 2022-11-17T22:45:55.514Z
Updated: 2025-04-16T17:42:35.524Z

SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

Published: 2022-11-17T22:45:54.782Z
Updated: 2024-10-15T18:34:46.178Z

SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

Published: 2022-11-17T22:45:55.011Z
Updated: 2025-04-16T17:42:54.049Z

SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

Published: 2022-11-17T22:45:54.530Z
Updated: 2025-04-16T17:43:04.159Z

SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

Published: 2022-11-17T22:45:55.264Z
Updated: 2025-04-16T17:42:46.800Z

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

Published: 2022-10-27T20:15:38.645Z
Updated: 2025-04-16T17:45:10.058Z

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.

Published: 2022-10-27T20:15:39.344Z
Updated: 2025-04-16T17:44:33.826Z

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.

Published: 2022-10-27T20:15:38.365Z
Updated: 2025-04-16T17:45:23.534Z

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.

Published: 2022-10-27T20:15:39.114Z
Updated: 2025-04-16T17:44:44.667Z

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.

Published: 2022-10-27T20:15:37.817Z
Updated: 2025-04-16T17:45:48.514Z

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

Published: 2022-10-27T20:15:38.873Z
Updated: 2025-04-16T17:44:56.844Z

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.

Published: 2022-10-27T20:15:38.073Z
Updated: 2025-04-16T17:45:38.090Z

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.

Published: 2022-10-27T20:15:37.542Z
Updated: 2025-04-16T17:45:59.099Z

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to  1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.

Published: 2022-09-16T18:05:41.000Z
Updated: 2024-08-03T01:00:10.813Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:15.390Z
Updated: 2025-04-16T16:35:06.259Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:10.562Z
Updated: 2025-04-16T16:35:54.819Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.

Published: 2022-03-29T16:37:14.522Z
Updated: 2025-04-16T17:58:28.610Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:09.752Z
Updated: 2025-04-16T16:36:05.108Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:13.735Z
Updated: 2025-04-16T16:35:14.982Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:11.423Z
Updated: 2025-04-16T16:35:44.682Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:12.212Z
Updated: 2025-04-16T16:35:33.945Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:08.970Z
Updated: 2025-04-16T16:36:15.877Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:12.974Z
Updated: 2025-04-16T16:35:25.209Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:05.023Z
Updated: 2025-04-16T16:37:06.445Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:08.222Z
Updated: 2025-04-16T16:36:24.327Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:01.122Z
Updated: 2025-04-16T16:37:44.852Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:07.369Z
Updated: 2025-04-16T16:36:34.814Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:03.370Z
Updated: 2025-04-16T16:37:32.829Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:06.548Z
Updated: 2025-04-16T16:36:44.618Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

Published: 2022-03-29T16:37:04.204Z
Updated: 2025-04-16T16:37:18.369Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-05-02T18:12:12.000Z
Updated: 2025-04-16T16:25:55.979Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-05-02T18:11:25.000Z
Updated: 2025-04-16T16:26:05.775Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-05-02T18:10:38.000Z
Updated: 2025-04-16T16:26:16.352Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-05-02T18:09:44.000Z
Updated: 2025-04-16T16:26:26.442Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-05-02T18:08:51.000Z
Updated: 2025-04-16T16:26:36.122Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-05-02T18:08:06.000Z
Updated: 2025-04-16T16:26:50.233Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-05-02T18:06:30.000Z
Updated: 2025-04-16T16:26:57.363Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-05-02T18:05:34.000Z
Updated: 2025-04-16T16:27:05.976Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-05-02T18:03:59.000Z
Updated: 2025-04-16T16:27:13.375Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-05-02T18:02:31.000Z
Updated: 2025-04-16T16:27:21.544Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-05-02T18:01:09.000Z
Updated: 2025-04-16T16:27:29.008Z

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges

Published: 2022-04-01T22:17:22.593Z
Updated: 2025-04-16T17:57:58.352Z

Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.

Published: 2022-03-25T18:02:30.522Z
Updated: 2025-04-16T16:38:11.591Z

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Published: 2022-03-29T16:37:05.764Z
Updated: 2025-04-16T16:36:54.593Z

DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.

Published: 2021-12-22T18:06:50.589Z
Updated: 2024-09-17T01:41:11.354Z

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.

Published: 2021-12-22T18:06:49.880Z
Updated: 2024-09-16T23:26:35.646Z

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.

Published: 2021-08-30T17:31:10.000Z
Updated: 2024-08-04T01:37:16.590Z

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.

Published: 2021-08-30T17:30:50.000Z
Updated: 2024-08-04T01:37:16.565Z

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.

Published: 2021-08-30T17:33:30.000Z
Updated: 2024-08-04T01:37:16.567Z

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.

Published: 2021-08-30T17:10:59.000Z
Updated: 2024-08-03T23:42:19.603Z

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.

Published: 2021-08-30T17:12:38.000Z
Updated: 2024-08-03T23:42:18.968Z

A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.

Published: 2021-08-30T17:33:25.000Z
Updated: 2024-08-03T23:42:19.081Z

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.

Published: 2021-08-30T17:11:08.000Z
Updated: 2024-08-03T23:33:55.907Z

Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.

Published: 2021-08-30T17:11:16.000Z
Updated: 2024-08-03T23:33:56.069Z

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.

Published: 2021-12-22T18:06:51.363Z
Updated: 2024-09-16T18:40:05.583Z

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.

Published: 2021-12-22T18:06:52.089Z
Updated: 2024-09-17T02:36:27.721Z