| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service. |
| Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions. |
| The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. |
| Delta Electronics DIAView has multiple vulnerabilities. |
| Delta Electronics DIAView has multiple vulnerabilities. |
| Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability. |
| Delta Electronics AS320T has
No checking of the length of the buffer with the file name vulnerability. |
| Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. |
| Delta Electronics AS320T has no checking of the length of the buffer with the directory name
vulnerability. |
| ASDA-Soft Stack-based Buffer Overflow Vulnerability |
| Delta Electronics DIAView has Command Injection vulnerability. |
| Delta Electronics COMMGR2 has
Buffer Over-read DoS vulnerability. |
| Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. |
| Delta Electronics COMMGR2 has
Stack-based Buffer Overflow vulnerability. |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication. |
| ASDA-Soft Stack-based Buffer Overflow Vulnerability |
| Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. |
| Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. |
| Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to
1.9.03.009
have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. |
| DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information |
