cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-22880,https://securityvulnerability.io/vulnerability/CVE-2025-22880,Heap-Based Buffer Overflow in Delta Electronics CNCSoft-G2,"Delta Electronics CNCSoft-G2 has a vulnerability due to insufficient validation of user-supplied data length. This defect allows attackers to exploit the software when a user accesses a malicious page or file. By manipulating the input, an attacker can potentially execute arbitrary code within the context of the affected process, posing a significant risk to system integrity and security.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-07T07:26:04.691Z,0
CVE-2024-47131,https://securityvulnerability.io/vulnerability/CVE-2024-47131,Stack-Based Buffer Overflow Vulnerability in Delta Electronics DIAScreen,"A vulnerability in Delta Electronics DIAScreen allows attackers to exploit a stack-based buffer overflow by deceiving a valid user to execute a file with malicious code. This could enable remote execution of arbitrary code, compromising the integrity and security of the system.",Delta Electronics,DIAScreen,7.8,HIGH,0.0012499999720603228,false,,false,false,false,,,false,false,,2024-11-11T15:15:00.000Z,0
CVE-2024-39605,https://securityvulnerability.io/vulnerability/CVE-2024-39605,Stack-Based Buffer Overflow in Delta Electronics DIAScreen,"A stack-based buffer overflow vulnerability exists in Delta Electronics DIAScreen that can be exploited if an attacker convinces a valid user to execute the software with a specially crafted file containing malicious code. This flaw may allow the attacker to execute arbitrary code remotely, posing significant security risks to users of the affected product. It is crucial for users to apply the latest patches to mitigate potential exploits.",Delta Electronics,DIAScreen,7.8,HIGH,0.0012499999720603228,false,,false,false,false,,,false,false,,2024-11-11T15:15:00.000Z,0
CVE-2024-39354,https://securityvulnerability.io/vulnerability/CVE-2024-39354,Stack-Based Buffer Overflow in Delta Electronics DIAScreen,"A vulnerability exists in Delta Electronics DIAScreen, where an attacker can exploit a stack-based buffer overflow in the CEtherIPTagItem component. If a valid user unknowingly opens a specially crafted file containing malicious code, the attacker can remotely execute arbitrary code on the affected system. This poses significant risks to operational integrity, data security, and system reliability for users of DIAScreen.",Delta Electronics,Diascreen,7.8,HIGH,0.0012499999720603228,false,,false,false,false,,,false,false,,2024-11-11T15:15:00.000Z,0
CVE-2024-10456,https://securityvulnerability.io/vulnerability/CVE-2024-10456,Deserialization Vulnerability Affects Delta Electronics' InfraSuite Device Master,"Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are susceptible to a deserialization vulnerability that affects the Device-Gateway component. This vulnerability allows the deserialization of arbitrary .NET objects even before authentication is completed. Exploiting this flaw can lead to potential unauthorized actions or information leakage, thereby posing significant risks to the operational integrity and security of the affected systems.",Delta Electronics,Infrasuite Device Master,9.8,CRITICAL,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-10-30T18:04:52.786Z,0
CVE-2024-47966,https://securityvulnerability.io/vulnerability/CVE-2024-47966,Delta Electronics CNCSoft-G2 Memory Initialization Vulnerability,"The CNCSoft-G2 software by Delta Electronics contains a vulnerability related to improper memory initialization prior to access. This flaw could allow an attacker to craft a malicious web page or file. If a user interacts with this malicious content, the attacker may execute arbitrary code in the security context of the affected software. It is crucial for users to ensure their systems are updated and follow best security practices to mitigate the risks associated with this vulnerability.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-10T17:18:58.817Z,0
CVE-2024-47965,https://securityvulnerability.io/vulnerability/CVE-2024-47965,Buffer Overflow Vulnerability in CNCSoft-G2 Could Lead to Code Execution,"The vulnerability in Delta Electronics CNCSoft-G2 arises from inadequate validation of data supplied by users, allowing attackers to manipulate user interactions. This may lead to code execution in the context of the current process, posing significant risks to system integrity. Attackers can exploit this issue by directing users to malicious pages or files, facilitating unauthorized access and control over the affected system.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-10T17:18:01.407Z,0
CVE-2024-47964,https://securityvulnerability.io/vulnerability/CVE-2024-47964,Delta Electronics CNCSoft-G2: Inadequate User-Supplied Data Validation Key Vulnerability,"The Delta Electronics CNCSoft-G2 software exhibits a vulnerability due to improper validation of user-supplied data length before copying it to a heap-based buffer with a fixed length. This flaw allows a malicious actor to potentially exploit the vulnerability by enticing users to open a specially crafted web page or file, leading to arbitrary code execution in the context of the current process. This situation poses significant risks, as it can compromise system integrity, allowing attackers to manipulate the operations of CNC machines or download additional malicious payloads.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-10-10T17:16:51.747Z,0
CVE-2024-47963,https://securityvulnerability.io/vulnerability/CVE-2024-47963,Vulnerability in Delta Electronics CNCSoft-G2 Allow Manipulation of User-Supplied Data,"Delta Electronics' CNCSoft-G2 is susceptible to a vulnerability resulting from inadequate validation of user-supplied data. This shortcoming allows attackers to exploit the system, potentially leading to unauthorized code execution by tricking users into engaging with a malicious webpage or file. This issue poses significant risks, as it could enable attackers to compromise the integrity of the affected processes and machinery.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2024-10-10T17:15:54.044Z,0
CVE-2024-47962,https://securityvulnerability.io/vulnerability/CVE-2024-47962,Stack-based Buffer Overflow Vulnerability in Delta Electronics CNCSoft-G2,"The vulnerability in Delta Electronics CNCSoft-G2 arises from inadequate validation of user-supplied data length before it is copied to a fixed-length stack-based buffer. This flaw allows an attacker to potentially exploit the vulnerability by tricking an insider user into accessing a malicious web page or file. If successfully executed, this could lead to arbitrary code execution within the context of the application, posing significant risks to systems utilizing the affected software.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2024-10-10T17:14:30.805Z,0
CVE-2024-43699,https://securityvulnerability.io/vulnerability/CVE-2024-43699,Vulnerability in DIAEnergie Script AM_RegReport.aspx Allows Unauthenticated Access to Confidential Data,"Delta Electronics DIAEnergie contains a vulnerability due to improper input validation in the AM_RegReport.aspx script, which can be exploited through SQL injection. This flaw allows an unauthenticated attacker to potentially access sensitive records stored within the product, posing significant security risks. It is crucial for users and administrators of DIAEnergie to implement appropriate security measures to mitigate this vulnerability.",Delta Electronics DIAEnergie,Diaenergie,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-03T23:15:00.000Z,0
CVE-2024-42417,https://securityvulnerability.io/vulnerability/CVE-2024-42417,SQL Injection Vulnerability in Delta Electronics DIAEnergie's Handler_CFG.ashx Could Delay Targeted Product,"Delta Electronics' DIAEnergie product is susceptible to an SQL injection vulnerability located in the Handler_CFG.ashx script. This flaw can be exploited by authenticated attackers to introduce malicious SQL queries that may impact the functionality of the product, causing potential delays. Users are advised to review their security practices and consider implementing all necessary updates to mitigate risks associated with this vulnerability.",Delta Electronics DIAEnergie,Diaenergie,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-03T23:15:00.000Z,0
CVE-2024-8255,https://securityvulnerability.io/vulnerability/CVE-2024-8255,Remote Code Execution Vulnerability in Delta Electronics DTN Soft,"Delta Electronics DTN Soft, specifically version 2.0.1 and earlier, contains a vulnerability that permits attackers to perform remote code execution. This vulnerability arises from improperly handling deserialization of untrusted data, potentially allowing malicious actors to manipulate or execute arbitrary code on affected systems. Users and organizations utilizing this software should take prompt action to mitigate risks associated with this vulnerability, including updating to the latest software versions and implementing necessary security measures.",Delta Electronics,Dtn Soft,9.8,CRITICAL,0.0012600000482052565,false,,false,false,false,,,false,false,,2024-08-29T15:18:23.355Z,0
CVE-2024-39881,https://securityvulnerability.io/vulnerability/CVE-2024-39881,Memory Corruption Vulnerability in Delta Electronics CNCSoft-G2 Allows Execution of Code in Context of Current Process,"The vulnerability in Delta Electronics CNCSoft-G2 arises from a lack of proper validation of user-supplied data, leading to possible memory corruption. An attacker can exploit this vulnerability by enticing a target user to visit a compromised webpage or open a malicious file. This action may allow the attacker to execute arbitrary code within the context of the vulnerable process, potentially impacting the integrity and confidentiality of the information handled by the CNCSoft-G2 software. Organizations using this product should consider applying necessary patches and reviewing their security policies to mitigate potential threats.",Delta Electronics,Cncsoft-g2,8.8,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2024-07-09T22:15:00.000Z,0
CVE-2024-39882,https://securityvulnerability.io/vulnerability/CVE-2024-39882,Buffer Overflow Vulnerability in CNCSoft-G2 Could Lead to Code Execution,"The vulnerability in Delta Electronics' CNCSoft-G2 arises from inadequate validation of user-supplied data, enabling attackers to exploit a buffer overflow. By triggering this condition through interaction with a malicious web page or file, an attacker can execute arbitrary code within the context of the vulnerable process. This exposure necessitates immediate attention to establish proper input validation mechanisms and mitigate such security risks.",Delta Electronics,Cncsoft-g2,8.8,HIGH,0.0024399999529123306,false,,false,false,false,,,false,false,,2024-07-09T22:15:00.000Z,0
CVE-2024-39880,https://securityvulnerability.io/vulnerability/CVE-2024-39880,Buffer Overflow Vulnerability in CNCSoft-G2,"The Delta Electronics CNCSoft-G2 software is vulnerable due to inadequate validation of the length of user-supplied data before copying it to a fixed-length stack-based buffer. Attackers could exploit this vulnerability when a user visits a specially crafted malicious webpage or opens a malicious file, enabling potential code execution in the context of the current process. This flaw poses significant risks to the integrity of systems utilizing the CNCSoft-G2 software, emphasizing the need for immediate remediation to mitigate possible threats.",Delta Electronics,Cncsoft-g2,8.8,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2024-07-09T22:15:00.000Z,0
CVE-2024-39883,https://securityvulnerability.io/vulnerability/CVE-2024-39883,Alpha Attack: Lack of Validation Exposes CNCSoft-G2 to Code Execution,"The CNCSoft-G2 application from Delta Electronics is susceptible to a heap-based buffer overflow vulnerability due to improper validation of user-supplied data length. This vulnerability can be exploited by an attacker who tricks a user into visiting a malicious webpage or opening a malicious file. Successfully exploiting this vulnerability could allow the attacker to execute arbitrary code in the context of the affected process, potentially compromising system integrity and exposing sensitive information. Operators are advised to implement proper security measures to mitigate the risk associated with this vulnerability.",Delta Electronics,Cncsoft-g2,8.8,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2024-07-09T22:15:00.000Z,0
CVE-2024-4549,https://securityvulnerability.io/vulnerability/CVE-2024-4549,Delta Electronics DIAEnergie v1.10.1.8610 and Prior Faces Denial of Service Vulnerability,"A denial of service vulnerability is present in Delta Electronics DIAEnergie software versions up to v1.10.1.8610. This vulnerability is triggered when the system processes a specific instruction known as the 'ICS Restart!' message, leading to an unintentional restart of the CEBC.exe process. This unintended behavior can disrupt operations and may lead to a temporary loss of service, potentially impacting users relying on the software. Immediate assessment and mitigation strategies are advised for affected installations.",Delta Electronics,Diaenergie,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T13:54:32.808Z,0
CVE-2024-4548,https://securityvulnerability.io/vulnerability/CVE-2024-4548,SQLi Vulnerability in DIAEnergie v1.10.1.8610 and Prior,"An SQL Injection vulnerability exists in Delta Electronics DIAEnergie software versions v1.10.1.8610 and earlier. This issue occurs during the processing of a 'RecalculateHDMWYC' message in the CEBC.exe component, where the message is divided into four fields using the '~' character as a delimiter. An unauthenticated remote attacker could exploit this vulnerability by injecting malicious SQL commands via the fourth field, potentially compromising the security and integrity of the database.",Delta Electronics,Diaenergie,9.8,CRITICAL,0.002899999963119626,false,,false,false,false,,,false,false,,2024-05-06T13:51:07.049Z,0
CVE-2024-4547,https://securityvulnerability.io/vulnerability/CVE-2024-4547,Unauthenticated Remote SQLi Vulnerability in DIAEnergie,"A SQL injection vulnerability has been identified in the Delta Electronics DIAEnergie software, particularly impacting versions v1.10.1.8610 and earlier. This vulnerability occurs when the software's CEBC.exe component processes a 'RecalculateScript' message, which is segmented using the '~' character. An unauthenticated remote attacker may be able to exploit this flaw by manipulating the message's fourth field, potentially executing unauthorized SQL queries. This can lead to unauthorized data access, data modification, or other malicious activities targeting the affected systems.",Delta Electronics,Diaenergie,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T13:48:08.737Z,0
CVE-2024-34031,https://securityvulnerability.io/vulnerability/CVE-2024-34031," SQL Injection vulnerability in Delta Electronics DIAEnergie ","Delta Electronics DIAEnergie software is vulnerable to an SQL injection flaw in the Handler_CFG.ashx script, allowing authenticated attackers to execute arbitrary SQL commands. This vulnerability could potentially enable attackers to access, modify, or compromise sensitive information stored within the DIAEnergie system. Implementing measures to secure the affected product versions is crucial to prevent exploitation and safeguard operational integrity.",Delta Electronics,Diaenergie,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-05-03T01:15:00.000Z,0
CVE-2024-34032,https://securityvulnerability.io/vulnerability/CVE-2024-34032,"SQL Injection in Delta Electronics DIAEnergie ","Delta Electronics DIAEnergie contains an SQL injection vulnerability found in the GetDIACloudList endpoint. This flaw can be exploited by authenticated attackers to execute malicious SQL queries, potentially allowing them to manipulate the database and gain unauthorized access to sensitive information. Organizations using DIAEnergie should apply the latest security patches and implement best practices to safeguard their systems against such vulnerabilities.",Delta Electronics,Diaenergie,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-05-03T01:15:00.000Z,0
CVE-2024-34033,https://securityvulnerability.io/vulnerability/CVE-2024-34033,"Path Traversal vulnerability in Delta Electronics DIAEnergie ","The vulnerability in Delta Electronics DIAEnergie is characterized by inadequate input validation, which opens the door for path traversal attacks. Attackers can manipulate input to gain unauthorized access to the system's file structure, allowing them to write files outside of the designated directory. This can lead not only to the overwriting of existing files but also to potential disruption of services and data integrity. Organizations utilizing DIAEnergie should take immediate action to mitigate the risks associated with this vulnerability.",Delta Electronics,Diaenergie,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-05-03T01:15:00.000Z,0
CVE-2024-25574,https://securityvulnerability.io/vulnerability/CVE-2024-25574,Delta Electronics DIAEnergie SQL Injection,"A SQL injection vulnerability is identified in GetDIAE_usListParameters, allowing attackers to manipulate SQL queries through user input. This vulnerability poses significant security risks, enabling unauthorized access to sensitive data within affected systems. Improper input validation in the application allows attackers to exploit this flaw, potentially leading to data leaks and substantial impacts on data integrity. Organizations utilizing this product should be vigilant about patching and implementing security best practices to mitigate the risk associated with this vulnerability.",Delta Electronics,Diaenergie,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-01T16:15:00.000Z,0
CVE-2024-25567,https://securityvulnerability.io/vulnerability/CVE-2024-25567,Path Traversal Attack Risk: Write Outside Intended Directory and Access Sensitive Information,"A path traversal vulnerability exists in XYZ product by ABC Vendor, enabling attackers to manipulate file paths to write data outside the designated directory. This flaw allows unauthorized access to sensitive information and poses risks as existing files on the system can be overwritten if attackers specify a filename that matches one already on the server. Organizations using affected versions of XYZ product should prioritize patching to safeguard against potential data breaches.",Delta Electronics,Diaenergie,8.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-21T22:22:17.780Z,0