Filtered by vendor Deltaww
Subscribe
Total
285 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38402 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.
|
|||||
| CVE-2021-38393 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
|
|||||
| CVE-2021-38391 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
|
|||||
| CVE-2021-38390 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
|
|||||
| CVE-2021-33019 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2021-33007 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2021-33003 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.
|
|||||
| CVE-2021-32991 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.
|
|||||
| CVE-2021-32983 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
|
|||||
| CVE-2021-32969 | 1 Deltaww | 1 Diascreen | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.
|
|||||
| CVE-2021-32967 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.
|
|||||
| CVE-2021-32965 | 1 Deltaww | 1 Diascreen | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.
|
|||||
| CVE-2021-32955 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.
|
|||||
| CVE-2021-31558 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.
|
|||||
| CVE-2021-27480 | 1 Deltaww | 1 Industrial Automation Commgr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code.
|
|||||
| CVE-2021-27455 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information.
|
|||||
| CVE-2021-27412 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2021-23228 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.
|
|||||
| CVE-2021-22672 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker to remotely execute arbitrary code.
|
|||||
| CVE-2021-22668 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2020-7002 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file.
|
|||||
| CVE-2020-6976 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation.
|
|||||
| CVE-2020-27293 | 1 Deltaww | 1 Cncsoft-b | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2020-27291 | 1 Deltaww | 1 Cncsoft-b | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2020-27289 | 1 Deltaww | 1 Cncsoft-b | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2020-27288 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
|
|||||
| CVE-2020-27287 | 1 Deltaww | 1 Cncsoft-b | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2020-27284 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
|
|||||
| CVE-2020-27281 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2020-27280 | 1 Deltaww | 1 Ispsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.
|
|||||
| CVE-2020-27277 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2020-27275 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2020-16227 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
|
|||||
| CVE-2020-16225 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
|
|||||
| CVE-2020-16223 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
|
|||||
| CVE-2020-16221 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
|
|||||
| CVE-2020-16219 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
|
|||||
| CVE-2020-16203 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. An uninitialized pointer may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
|
|||||
| CVE-2020-16201 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information.
|
|||||
| CVE-2020-16199 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
|
|||||