Filtered by vendor Deltaww
Subscribe
Total
284 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47728 | 1 Deltaww | 1 Cncsoft-g2 | 2025-07-11 | N/A | 7.3 HIGH |
| Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2025-22881 | 1 Deltaww | 1 Cncsoft-g2 | 2025-07-11 | N/A | 7.8 HIGH |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2025-22880 | 1 Deltaww | 1 Cncsoft-g2 | 2025-07-11 | N/A | 7.8 HIGH |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2024-4192 | 1 Deltaww | 1 Cncsoft-g2 | 2025-07-10 | N/A | 7.8 HIGH |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2024-4548 | 1 Deltaww | 1 Diaenergie | 2025-06-27 | N/A | 9.8 CRITICAL |
| An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | |||||
| CVE-2024-4547 | 1 Deltaww | 1 Diaenergie | 2025-06-27 | N/A | 9.8 CRITICAL |
| A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field | |||||
| CVE-2024-4549 | 1 Deltaww | 1 Diaenergie | 2025-06-17 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system. | |||||
| CVE-2025-22883 | 1 Deltaww | 1 Ispsoft | 2025-05-16 | N/A | 7.8 HIGH |
| Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. | |||||
| CVE-2025-4124 | 1 Deltaww | 1 Ispsoft | 2025-05-16 | N/A | 7.8 HIGH |
| Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. | |||||
| CVE-2025-4125 | 1 Deltaww | 1 Ispsoft | 2025-05-16 | N/A | 7.8 HIGH |
| Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. | |||||
| CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2025-05-07 | N/A | 9.8 CRITICAL |
| The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
| CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2025-05-07 | N/A | 9.8 CRITICAL |
| The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
| CVE-2022-42141 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2025-04-22 | N/A | 5.4 MEDIUM |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter. | |||||
| CVE-2022-42140 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2025-04-22 | N/A | 7.2 HIGH |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. | |||||
| CVE-2022-42139 | 1 Deltaww | 2 Dvw-w02w2-e2, Dvw-w02w2-e2 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
| Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. | |||||
| CVE-2023-47279 | 1 Deltaww | 1 Infrasuite Device Master | 2025-04-15 | N/A | 7.5 HIGH |
| In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. | |||||
| CVE-2023-0444 | 1 Deltaww | 1 Infrasuite Device Master | 2025-04-03 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator. | |||||
| CVE-2024-1941 | 1 Deltaww | 1 Cncsoft-b | 2025-03-06 | N/A | 7.8 HIGH |
| Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2024-1595 | 1 Deltaww | 2 Cncsoft-b, Dopsoft | 2025-03-06 | N/A | 7.8 HIGH |
| Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. | |||||
| CVE-2024-25574 | 1 Deltaww | 1 Diaenergie | 2025-02-27 | N/A | 8.8 HIGH |
| SQL injection vulnerability exists in GetDIAE_usListParameters. | |||||