📦 Diaenergie
by Deltaww
🔍 What is Diaenergie?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
Delta Electronics DIAEnergie has an SQL injection vulnerability in the AM_RegReport.aspx script that allows unauthenticated attackers to extract database records. This affects industrial control syste...
An unauthenticated SQL injection vulnerability in Delta Electronics DIAEnergie allows remote attackers to execute arbitrary SQL commands via specially crafted 'RecalculateScript' messages. This affect...
Delta Industrial Automation's DIAEnergy system contains hard-coded credentials that allow attackers to upload executable files to specific directories, leading to remote code execution. This affects a...
Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in Handler_TCV.ashx that allows attackers to execute arbitrary SQL queries. This enables database ...
Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in the ReadREGbyID function. This allows attackers to execute arbitrary SQL queries, potentially acc...
Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in the dlSlog.aspx component. This allows attackers to execute arbitrary SQL queries, potentially ac...
Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in the DIAE_slogHandler.ashx endpoint. This allows attackers to execute arbitrary SQL queries, pot...
Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in the DIAE_rltHandler.ashx component. This allows attackers to execute arbitrary SQL queries, pot...
Delta Electronics DIAEnergie versions before 1.8.02.004 have a blind SQL injection vulnerability in HandlerChart.ashx that allows attackers to execute arbitrary SQL queries. This can lead to data thef...
Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in HandlerECC.ashx that allows attackers to execute arbitrary SQL queries. This can lead to data the...
Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in the HandlerExport.ashx/Calendar endpoint. This allows attackers to execute arbitrary SQL queries,...
Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in DIAE_loopmapHandler.ashx that allows attackers to execute arbitrary SQL queries. This can lead ...
Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in HandlerDialog_KID.ashx. This allows attackers to execute arbitrary SQL queries, potentially acc...
Delta Electronics DIAEnergie versions prior to 1.8.02.004 are vulnerable to path traversal attacks, allowing attackers to write arbitrary files to the file system. This affects all users of DIAEnergie...
Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in HandlerCommon.ashx that allows attackers to execute arbitrary SQL queries. This enables database ...
Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in the GetQueryData function. This allows attackers to execute arbitrary SQL queries, potentially ...
Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in HandlerPage_KID.ashx. This allows attackers to execute arbitrary SQL queries, potentially accessi...
Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in the DIAE_eccoefficientHandler.ashx endpoint. This allows attackers to execute arbitrary SQL que...
Delta Electronics DIAEnergie versions 1.7.5 and earlier contain an unrestricted file upload vulnerability that allows attackers to upload malicious files without proper validation. This can lead to re...
A blind SQL injection vulnerability in Delta Electronics DIAEnergie allows remote unauthenticated attackers to execute arbitrary SQL commands. This can lead to complete system compromise through arbit...
A denial-of-service vulnerability in Delta Electronics DIAEnergie allows attackers to cause system restarts by sending specially crafted 'ICS Restart!' messages to CEBC.exe. This affects all organizat...
Delta Electronics DIAEnergie software has a path traversal vulnerability that allows attackers to write files outside intended directories, potentially overwriting existing system files. This affects ...
This CVE describes a SQL injection vulnerability in the GetDIAE_usListParameters function that allows attackers to execute arbitrary SQL commands. It affects industrial control systems (ICS) and opera...
This CVE describes a path traversal vulnerability that allows attackers to write files outside intended directories and potentially overwrite existing files. It affects systems running vulnerable soft...
CVE-2024-28171 is a path traversal vulnerability that allows attackers to write files outside intended directories and overwrite existing system files. This affects industrial control systems and rela...
This CVE describes a SQL injection vulnerability in the GetDIAE_unListParameters function that allows attackers to execute arbitrary SQL commands. It affects industrial control systems (ICS) and opera...
DIAEnergie versions before v1.9.03.001 contain an improper authorization vulnerability that allows unauthorized users to bypass authentication and access privileged functionality. This affects industr...
Delta Electronics DIAEnergie versions prior to 1.8.02.004 are vulnerable to DLL hijacking combined with incorrect default permissions. This allows local attackers to escalate privileges by placing mal...
DIAEnergie versions 1.7.5 and earlier contain a reflected cross-site scripting (XSS) vulnerability in error pages that process .NET Request.QueryString input without proper sanitization. This allows a...
DIAEnergie versions 1.7.5 and earlier contain a cross-site scripting (XSS) vulnerability in the 'name' parameter of HandlerEnergyType.ashx. This allows attackers to inject malicious scripts that execu...
CVE-2025-57701 is a reflected cross-site scripting vulnerability in DIAEnergie software that allows attackers to inject malicious scripts into web pages viewed by users. This affects organizations usi...
CVE-2025-57702 is a reflected cross-site scripting (XSS) vulnerability in DIAEnergie software that allows attackers to inject malicious scripts into web pages viewed by other users. This affects organ...
CVE-2025-57703 is a reflected cross-site scripting (XSS) vulnerability in DIAEnergie software that allows attackers to inject malicious scripts into web pages viewed by users. This affects organizatio...
CVE-2025-57700 is a stored cross-site scripting (XSS) vulnerability in DIAEnergie energy management software that allows attackers to inject malicious scripts into web pages. When users view compromis...