threat
engine
.sh
Back
·
··:··
Home
/
Product
/
deltaww diaenergie
Product
deltaww diaenergie
82 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-57703
< 1.11.01.001
DIAEnergie - Reflected Cross-site Scripting
6.1
MEDIUM
CVE-2025-57702
< 1.11.01.001
DIAEnergie - Reflected Cross-site Scripting
6.1
MEDIUM
CVE-2025-57701
< 1.11.01.001
DIAEnergie - Reflected Cross-site Scripting
6.1
MEDIUM
CVE-2025-57700
< 1.11.01.001
DIAEnergie - Stored Cross-site Scripting
6.1
MEDIUM
CVE-2024-43699
<= 1.10.01.008
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be
9.8
CRITICAL
CVE-2024-42417
<= 1.10.01.008
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be ab
8.8
HIGH
CVE-2024-4549
< 1.10.01.004
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!'
7.5
HIGH
CVE-2024-4548
< 1.10.01.004
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC'
9.8
CRITICAL
CVE-2024-4547
< 1.10.01.004
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript'
9.8
CRITICAL
CVE-2024-34033
all versions
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and writ
8.8
HIGH
CVE-2024-34032
all versions
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authe
8.8
HIGH
CVE-2024-34031
all versions
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authen
8.8
HIGH
CVE-2024-25574
< 1.10.00.005
SQL injection vulnerability exists in GetDIAE_usListParameters.
8.8
HIGH
CVE-2024-28171
< 1.10.00.005
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that al
8.1
HIGH
CVE-2024-28045
< 1.10.00.005
Improper neutralization of input within the affected product could lead to cross-site scripting.
4.6
MEDIUM
CVE-2024-28040
< 1.10.00.005
SQL injection vulnerability exists in GetDIAE_astListParameters.
8.8
HIGH
CVE-2024-25567
< 1.10.00.005
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name
8.1
HIGH
CVE-2024-23975
< 1.10.00.005
SQL injection vulnerability exists in GetDIAE_slogListParameters.
8.8
HIGH
CVE-2024-23494
< 1.10.00.005
SQL injection vulnerability exists in GetDIAE_unListParameters.
8.8
HIGH
CVE-2024-28891
< 1.10.00.005
SQL injection vulnerability exists in the script Handler_CFG.ashx.
8.8
HIGH
CVE-2024-28029
< 1.10.00.005
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and a
8.8
HIGH
CVE-2024-25937
< 1.10.00.005
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
8.8
HIGH
CVE-2023-0822
< 1.9.03.001
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized
8.8
HIGH
CVE-2022-43506
< 1.9.02.001
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to
8.8
HIGH
CVE-2022-43457
< 1.9.02.001
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attac
8.8
HIGH
CVE-2022-43452
< 1.9.02.001
SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an atta
8.8
HIGH
CVE-2022-43447
< 1.9.02.001
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attack
8.8
HIGH
CVE-2022-41775
< 1.9.02.001
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to i
8.8
HIGH
CVE-2022-41773
< 1.9.01.002
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A l
8.8
HIGH
CVE-2022-41702
< 1.9.01.002
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability throu
8.7
HIGH
CVE-2022-41701
< 1.9.01.002
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability throu
8.7
HIGH
CVE-2022-41651
< 1.9.01.002
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability throu
8.7
HIGH
CVE-2022-41555
< 1.9.01.002
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability throu
8.7
HIGH
CVE-2022-41133
< 1.9.01.002
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_messa
8.8
HIGH
CVE-2022-40967
< 1.9.01.002
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExi
8.8
HIGH
CVE-2022-40965
< 1.9.01.002
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability throu
8.7
HIGH
CVE-2022-43775
all versions
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code ex
9.8
CRITICAL
CVE-2022-43774
all versions
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain
9.8
CRITICAL
CVE-2022-3214
< 1.9.03.009
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Crede
9.8
CRITICAL
CVE-2022-33005
all versions
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 all
6.1
MEDIUM
CVE-2022-1378
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.a
9.8
CRITICAL
CVE-2022-1377
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.
9.8
CRITICAL
CVE-2022-1376
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHand
9.8
CRITICAL
CVE-2022-1375
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler
9.8
CRITICAL
CVE-2022-1374
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.a
9.8
CRITICAL
CVE-2022-1372
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. Thi
9.8
CRITICAL
CVE-2022-1371
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This a
9.8
CRITICAL
CVE-2022-1370
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. Thi
9.8
CRITICAL
CVE-2022-1369
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This
9.8
CRITICAL
CVE-2022-1367
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx
9.8
CRITICAL
CVE-2022-1366
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ash
9.8
CRITICAL
CVE-2022-1098
< 1.8.02.004
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with th
7.8
HIGH
CVE-2022-27175
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagL
9.8
CRITICAL
CVE-2022-26887
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHand
9.8
CRITICAL
CVE-2022-26839
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie
7.8
HIGH
CVE-2022-26836
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExpo
9.8
CRITICAL
CVE-2022-26667
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAn
9.8
CRITICAL
CVE-2022-26666
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx.
9.8
CRITICAL
CVE-2022-26514
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHan
9.8
CRITICAL
CVE-2022-26349
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoef
9.8
CRITICAL
CVE-2022-26338
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID
9.8
CRITICAL
CVE-2022-26069
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage
9.8
CRITICAL
CVE-2022-26065
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandN
9.8
CRITICAL
CVE-2022-26059
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryDat
9.8
CRITICAL
CVE-2022-26013
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdset
9.8
CRITICAL
CVE-2022-25980
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerComm
9.8
CRITICAL
CVE-2022-25880
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.a
9.8
CRITICAL
CVE-2022-25347
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attack
9.8
CRITICAL
CVE-2022-0923
< 1.8.02.004
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDial
9.8
CRITICAL
CVE-2022-0988
<= 1.7.5
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by defa
7.1
HIGH
CVE-2021-44544
<= 1.7.5
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected
7.5
HIGH
CVE-2021-44471
<= 1.7.5
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary cod
7.5
HIGH
CVE-2021-31558
<= 1.7.5
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary cod
6.5
MEDIUM
CVE-2021-23228
<= 1.7.5
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned
7.5
HIGH
CVE-2021-38393
<= 1.7.5
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Ver
9.8
CRITICAL
CVE-2021-38391
<= 1.7.5
A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version
9.8
CRITICAL
CVE-2021-38390
<= 1.7.5
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Ver
9.8
CRITICAL
CVE-2021-33003
<= 1.7.5
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashin
5.5
MEDIUM
CVE-2021-32991
<= 1.7.5
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to c
4.3
MEDIUM
CVE-2021-32983
<= 1.7.5
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1
9.8
CRITICAL
CVE-2021-32967
<= 1.7.5
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenti
9.8
CRITICAL
CVE-2021-32955
<= 1.7.5
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely exe
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin