Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
Source: ICS-CERT
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-05-03
Updated
2024-05-03
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
Source: ICS-CERT
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-05-03
Updated
2024-05-03
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
Source: ICS-CERT
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-05-03
Updated
2024-05-03
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.
Source: ICS-CERT
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-05-15
Updated
2024-05-16
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.
Source: ICS-CERT
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-05-15
Updated
2024-05-16
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.
Source: ICS-CERT
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-05-15
Updated
2024-05-16
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a PowerPanel business application.
Source: ICS-CERT
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-05-15
Updated
2024-05-16
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server.
Source: ICS-CERT
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-05-15
Updated
2024-05-16
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.
Source: ICS-CERT
Max CVSS
4.9
EPSS Score
0.04%
Published
2024-05-15
Updated
2024-05-16
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.
Source: ICS-CERT
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-05-15
Updated
2024-05-16
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data.
Source: ICS-CERT
Max CVSS
7.7
EPSS Score
0.04%
Published
2024-05-15
Updated
2024-05-16
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device.
Source: ICS-CERT
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-05-15
Updated
2024-05-16
IO-1020 Micro ELD web server uses a default password for authentication.
Source: ICS-CERT
Max CVSS
7.4
EPSS Score
0.04%
Published
2024-04-12
Updated
2024-04-15
IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.
Source: ICS-CERT
Max CVSS
7.4
EPSS Score
0.04%
Published
2024-04-12
Updated
2024-04-15
SQL injection vulnerability exists in the script Handler_CFG.ashx.
Source: ICS-CERT
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-22
IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code.
Source: ICS-CERT
Max CVSS
9.6
EPSS Score
0.04%
Published
2024-04-12
Updated
2024-04-15
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
Source: ICS-CERT
Max CVSS
8.1
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-22
Improper neutralization of input within the affected product could lead to cross-site scripting.
Source: ICS-CERT
Max CVSS
4.6
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-22
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center.
Source: ICS-CERT
Max CVSS
8.4
EPSS Score
0.04%
Published
2024-05-15
Updated
2024-05-28
SQL injection vulnerability exists in GetDIAE_astListParameters.
Source: ICS-CERT
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-22
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
Source: ICS-CERT
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-03-21
Updated
2024-03-25
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.
Source: ICS-CERT
Max CVSS
8.4
EPSS Score
N/A
Published
2024-05-28
Updated
2024-05-28
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
Source: ICS-CERT
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-22
MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application.
Source: ICS-CERT
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-01
SQL injection vulnerability exists in GetDIAE_usListParameters.
Source: ICS-CERT
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-04-01
Updated
2024-04-02