cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-43699,https://securityvulnerability.io/vulnerability/CVE-2024-43699,Vulnerability in DIAEnergie Script AM_RegReport.aspx Allows Unauthenticated Access to Confidential Data,"Delta Electronics DIAEnergie contains a vulnerability due to improper input validation in the AM_RegReport.aspx script, which can be exploited through SQL injection. This flaw allows an unauthenticated attacker to potentially access sensitive records stored within the product, posing significant security risks. It is crucial for users and administrators of DIAEnergie to implement appropriate security measures to mitigate this vulnerability.",Delta Electronics DIAEnergie,Diaenergie,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-03T23:15:00.000Z,0
CVE-2024-42417,https://securityvulnerability.io/vulnerability/CVE-2024-42417,SQL Injection Vulnerability in Delta Electronics DIAEnergie's Handler_CFG.ashx Could Delay Targeted Product,"Delta Electronics' DIAEnergie product is susceptible to an SQL injection vulnerability located in the Handler_CFG.ashx script. This flaw can be exploited by authenticated attackers to introduce malicious SQL queries that may impact the functionality of the product, causing potential delays. Users are advised to review their security practices and consider implementing all necessary updates to mitigate risks associated with this vulnerability.",Delta Electronics DIAEnergie,Diaenergie,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-03T23:15:00.000Z,0
CVE-2024-4549,https://securityvulnerability.io/vulnerability/CVE-2024-4549,Delta Electronics DIAEnergie v1.10.1.8610 and Prior Faces Denial of Service Vulnerability,"A denial of service vulnerability is present in Delta Electronics DIAEnergie software versions up to v1.10.1.8610. This vulnerability is triggered when the system processes a specific instruction known as the 'ICS Restart!' message, leading to an unintentional restart of the CEBC.exe process. This unintended behavior can disrupt operations and may lead to a temporary loss of service, potentially impacting users relying on the software. Immediate assessment and mitigation strategies are advised for affected installations.",Delta Electronics,Diaenergie,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T13:54:32.808Z,0
CVE-2024-4548,https://securityvulnerability.io/vulnerability/CVE-2024-4548,SQLi Vulnerability in DIAEnergie v1.10.1.8610 and Prior,"An SQL Injection vulnerability exists in Delta Electronics DIAEnergie software versions v1.10.1.8610 and earlier. This issue occurs during the processing of a 'RecalculateHDMWYC' message in the CEBC.exe component, where the message is divided into four fields using the '~' character as a delimiter. An unauthenticated remote attacker could exploit this vulnerability by injecting malicious SQL commands via the fourth field, potentially compromising the security and integrity of the database.",Delta Electronics,Diaenergie,9.8,CRITICAL,0.002899999963119626,false,,false,false,false,,,false,false,,2024-05-06T13:51:07.049Z,0
CVE-2024-4547,https://securityvulnerability.io/vulnerability/CVE-2024-4547,Unauthenticated Remote SQLi Vulnerability in DIAEnergie,"A SQL injection vulnerability has been identified in the Delta Electronics DIAEnergie software, particularly impacting versions v1.10.1.8610 and earlier. This vulnerability occurs when the software's CEBC.exe component processes a 'RecalculateScript' message, which is segmented using the '~' character. An unauthenticated remote attacker may be able to exploit this flaw by manipulating the message's fourth field, potentially executing unauthorized SQL queries. This can lead to unauthorized data access, data modification, or other malicious activities targeting the affected systems.",Delta Electronics,Diaenergie,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T13:48:08.737Z,0
CVE-2024-34031,https://securityvulnerability.io/vulnerability/CVE-2024-34031," SQL Injection vulnerability in Delta Electronics DIAEnergie ","Delta Electronics DIAEnergie software is vulnerable to an SQL injection flaw in the Handler_CFG.ashx script, allowing authenticated attackers to execute arbitrary SQL commands. This vulnerability could potentially enable attackers to access, modify, or compromise sensitive information stored within the DIAEnergie system. Implementing measures to secure the affected product versions is crucial to prevent exploitation and safeguard operational integrity.",Delta Electronics,Diaenergie,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-05-03T01:15:00.000Z,0
CVE-2024-34033,https://securityvulnerability.io/vulnerability/CVE-2024-34033,"Path Traversal vulnerability in Delta Electronics DIAEnergie ","The vulnerability in Delta Electronics DIAEnergie is characterized by inadequate input validation, which opens the door for path traversal attacks. Attackers can manipulate input to gain unauthorized access to the system's file structure, allowing them to write files outside of the designated directory. This can lead not only to the overwriting of existing files but also to potential disruption of services and data integrity. Organizations utilizing DIAEnergie should take immediate action to mitigate the risks associated with this vulnerability.",Delta Electronics,Diaenergie,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-05-03T01:15:00.000Z,0
CVE-2024-34032,https://securityvulnerability.io/vulnerability/CVE-2024-34032,"SQL Injection in Delta Electronics DIAEnergie ","Delta Electronics DIAEnergie contains an SQL injection vulnerability found in the GetDIACloudList endpoint. This flaw can be exploited by authenticated attackers to execute malicious SQL queries, potentially allowing them to manipulate the database and gain unauthorized access to sensitive information. Organizations using DIAEnergie should apply the latest security patches and implement best practices to safeguard their systems against such vulnerabilities.",Delta Electronics,Diaenergie,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-05-03T01:15:00.000Z,0
CVE-2024-25574,https://securityvulnerability.io/vulnerability/CVE-2024-25574,Delta Electronics DIAEnergie SQL Injection,"A SQL injection vulnerability is identified in GetDIAE_usListParameters, allowing attackers to manipulate SQL queries through user input. This vulnerability poses significant security risks, enabling unauthorized access to sensitive data within affected systems. Improper input validation in the application allows attackers to exploit this flaw, potentially leading to data leaks and substantial impacts on data integrity. Organizations utilizing this product should be vigilant about patching and implementing security best practices to mitigate the risk associated with this vulnerability.",Delta Electronics,Diaenergie,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-01T16:15:00.000Z,0
CVE-2024-28045,https://securityvulnerability.io/vulnerability/CVE-2024-28045,Cross-Site Scripting Vulnerability in Product Y," Improper neutralization of input within the affected product could lead to cross-site scripting. ",Delta Electronics,Diaenergie,4.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-21T22:24:12.286Z,0
CVE-2024-25567,https://securityvulnerability.io/vulnerability/CVE-2024-25567,Path Traversal Attack Risk: Write Outside Intended Directory and Access Sensitive Information,"A path traversal vulnerability exists in XYZ product by ABC Vendor, enabling attackers to manipulate file paths to write data outside the designated directory. This flaw allows unauthorized access to sensitive information and poses risks as existing files on the system can be overwritten if attackers specify a filename that matches one already on the server. Organizations using affected versions of XYZ product should prioritize patching to safeguard against potential data breaches.",Delta Electronics,Diaenergie,8.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-21T22:22:17.780Z,0
CVE-2024-28171,https://securityvulnerability.io/vulnerability/CVE-2024-28171,Path Traversal Vulnerability Affects Windows File Explorer,"An identified vulnerability enables attackers to exploit path traversal flaws in specific products by Vendor, allowing them to manipulate file paths and write files outside the intended target directory. If a malicious user specifies an existing file name, the attack leads to the overwriting of critical files, which may compromise the integrity and security of the system's data, highlighting a need for prompt remediation.",Delta Electronics,Diaenergie,8.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-21T22:19:36.480Z,0
CVE-2024-23494,https://securityvulnerability.io/vulnerability/CVE-2024-23494,SQL Injection Vulnerability in GetDIAE unListParameters,"A SQL injection vulnerability exists in the GetDIAE_unListParameters component of the GetDIAE product by CISA. This vulnerability allows attackers to execute arbitrary SQL queries against the database, potentially leading to unauthorized access to sensitive information or modification of data. Proper validation of user input is critical to mitigate this risk. Organizations using affected versions should prioritize applying security measures to safeguard their systems from exploitation.",Delta Electronics,Diaenergie,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-21T22:16:52.975Z,0
CVE-2024-23975,https://securityvulnerability.io/vulnerability/CVE-2024-23975,SQL Injection Vulnerability Discovered in GetDIAE's slogListParameters,"A SQL injection vulnerability exists in the GetDIAE_slogListParameters component, allowing attackers to execute arbitrary SQL queries within the application. This could potentially lead to unauthorized access to sensitive data or manipulation of the database. Proper validation and sanitization mechanisms are essential to mitigate the risk associated with this vulnerability.",Delta Electronics,Diaenergie,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-21T22:15:33.833Z,0
CVE-2024-28040,https://securityvulnerability.io/vulnerability/CVE-2024-28040,SQL Injection Vulnerability in GetDIAE's astListParameters,"An SQL injection vulnerability has been identified in the GetDIAE_astListParameters, which can allow an attacker to manipulate database queries. This exploitation can lead to unauthorized access to sensitive data and system compromise. Users of affected versions are advised to apply mitigations and updates immediately to prevent potential data breaches and maintain system integrity.",Delta Electronics,Diaenergie,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-21T22:13:40.119Z,0
CVE-2024-25937,https://securityvulnerability.io/vulnerability/CVE-2024-25937,SQL Injection Vulnerability in DIAE_tagHandler.ashx,"A SQL injection vulnerability exists within the script DIAE_tagHandler.ashx utilized by various applications from the vendor. This vulnerability can potentially allow an attacker to manipulate database queries, leading to unauthorized data exposure or modification. Organizations using affected products are strongly advised to implement necessary security measures to mitigate any risks associated with this vulnerability.",Delta Electronics,Diaenergie,8.8,HIGH,0.0005799999926239252,false,,false,false,false,,,false,false,,2024-03-21T22:09:33.976Z,0
CVE-2024-28891,https://securityvulnerability.io/vulnerability/CVE-2024-28891,SQL Injection Vulnerability Discovered in Handler_CFG.ashx,"An SQL injection vulnerability exists within the Handler_CFG.ashx script that could allow unauthorized access to database commands. This vulnerability poses a risk as it may enable attackers to manipulate SQL queries by injecting malicious input, potentially leading to data leakage or manipulation. Due to the nature of this vulnerability, it is crucial for users of the affected products to implement mitigative measures and patch any systems at risk. Further details can be referenced in the advisory from CISA.",Delta Electronics,Diaenergie,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-21T22:07:18.175Z,0
CVE-2024-28029,https://securityvulnerability.io/vulnerability/CVE-2024-28029,Server-side Privileges Vulnerability: Unverified Privileges Can Be Abused,"The vulnerability arises from insufficient validation of user privileges on the server-side, allowing an attacker with limited privileges to manipulate authorization processes. This design flaw exposes sensitive functionalities that are not meant to be accessible to unauthorized users, ultimately compromising the integrity of the affected system. Such bypass capabilities can lead to extensive security implications, necessitating immediate attention and remediation from the vendor.",Delta Electronics,Diaenergie,8.8,HIGH,0.0005799999926239252,false,,false,false,false,,,false,false,,2024-03-21T22:04:57.512Z,0
CVE-2023-0822,https://securityvulnerability.io/vulnerability/CVE-2023-0822,Improper Authorization,"DIAEnergie prior to version 1.9.03.001 is susceptible to improper authorization, enabling unauthorized users to bypass security measures and gain access to sensitive features. This vulnerability poses significant risks to the confidentiality and integrity of the system, as malicious entities may exploit it to manipulate or extract privileged information.",Delta Electronics,Diaenergie,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-02-17T17:15:00.000Z,0
CVE-2022-43506,https://securityvulnerability.io/vulnerability/CVE-2022-43506,Delta Electronics DIAEnergie SQL Injection,"SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network",Delta Electronics,Diaenergie,8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2022-11-17T22:45:55.514Z,0
CVE-2022-41775,https://securityvulnerability.io/vulnerability/CVE-2022-41775,Delta Electronics DIAEnergie SQL Injection,"SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network",Delta Electronics,Diaenergie,8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2022-11-17T22:45:55.264Z,0
CVE-2022-43452,https://securityvulnerability.io/vulnerability/CVE-2022-43452,Delta Electronics DIAEnergie SQL Injection,"SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network",Delta Electronics,Diaenergie,8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2022-11-17T22:45:55.011Z,0
CVE-2022-43457,https://securityvulnerability.io/vulnerability/CVE-2022-43457,Delta Electronics DIAEnergie SQL Injection,"SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network",Delta Electronics,Diaenergie,8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2022-11-17T22:45:54.782Z,0
CVE-2022-43447,https://securityvulnerability.io/vulnerability/CVE-2022-43447,Delta Electronics DIAEnergie SQL Injection,"SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network",Delta Electronics,Diaenergie,8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2022-11-17T22:45:54.530Z,0
CVE-2022-41133,https://securityvulnerability.io/vulnerability/CVE-2022-41133,Delta Electronics DIAEnergie,The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.,Delta Electronics,Diaenergie,8.8,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2022-10-27T21:15:00.000Z,0