Delta Electronics DIAEnergie
Approved changes feed: RSS · Atom
cpe:2.3:a:deltaww:diaenergie:-:*:*:*:*:*:*:*
part: a version: - update: *
| Vendor | Deltaww (ad3e3879-744a-547a-8a68-13ba5faaf0a4) |
|---|---|
| Product | Diaenergie (c1325749-349e-5697-8e11-7db911aa72c6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-4549 |
vulnerable | 2026-06-03 14:57:15.730395 |
Delta Electronics DIAEnergie SQL Injection
HIGH (7.5)
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
Published: 2024-05-06T13:54:32.808Z
Updated: 2024-08-01T20:47:41.185Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4548 |
vulnerable | 2026-06-03 14:57:15.729886 |
Delta Electronics DIAEnergie SQL Injection
CRITICAL (9.8)
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
Published: 2024-05-06T13:51:07.049Z
Updated: 2024-08-01T20:47:40.056Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4547 |
vulnerable | 2026-06-03 14:57:15.728347 |
Delta Electronics DIAEnergie Unauthenticated SQL Injection
CRITICAL (9.8)
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field
Published: 2024-05-06T13:48:08.737Z
Updated: 2024-08-01T20:47:40.554Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34033 |
vulnerable | 2026-06-03 14:55:53.388555 |
Path Traversal vulnerability in Delta Electronics DIAEnergie
HIGH (8.8)
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
Published: 2024-05-03T00:20:03.319Z
Updated: 2024-08-12T20:08:16.443Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34032 |
vulnerable | 2026-06-03 14:55:53.388060 |
SQL Injection in Delta Electronics DIAEnergie
HIGH (8.8)
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
Published: 2024-05-03T00:16:40.017Z
Updated: 2024-08-12T20:08:42.943Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28891 |
vulnerable | 2026-06-03 14:55:26.135421 |
Delta Electronics DIAEnergie SQL injection
HIGH (8.8)
SQL injection vulnerability exists in the script Handler_CFG.ashx.
Published: 2024-03-21T22:07:18.175Z
Updated: 2024-08-12T20:09:47.869Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28040 |
vulnerable | 2026-06-03 14:55:24.938905 |
Delta Electronics DIAEnergie SQL injection
HIGH (8.8)
SQL injection vulnerability exists in GetDIAE_astListParameters.
Published: 2024-03-21T22:13:40.119Z
Updated: 2024-08-12T20:14:25.821Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28029 |
vulnerable | 2026-06-03 14:55:24.919182 |
Client-Side Enforcement of Server-Side Security in Delta Electronics DIAEnergie
HIGH (8.8)
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
Published: 2024-03-21T22:04:57.512Z
Updated: 2024-10-17T18:45:56.861Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25574 |
vulnerable | 2026-06-03 14:55:13.700996 |
Delta Electronics DIAEnergie SQL Injection
HIGH (8.8)
SQL injection vulnerability exists in GetDIAE_usListParameters.
Published: 2024-04-01T16:04:46.800Z
Updated: 2024-08-01T23:44:09.659Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23975 |
vulnerable | 2026-06-03 14:55:05.009776 |
Delta Electronics DIAEnergie SQL injection
HIGH (8.8)
SQL injection vulnerability exists in GetDIAE_slogListParameters.
Published: 2024-03-21T22:15:33.833Z
Updated: 2024-08-12T20:27:50.352Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23494 |
vulnerable | 2026-06-03 14:55:03.967219 |
Delta Electronics DIAEnergie SQL injection
HIGH (8.8)
SQL injection vulnerability exists in GetDIAE_unListParameters.
Published: 2024-03-21T22:16:52.975Z
Updated: 2024-08-12T20:08:11.574Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.