A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. VDB-241582 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents.
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation.
Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information.
A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field.
Delta Electronics CNCSoft (Version 1.01.30 and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information.
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when the tag data is opened with a spreadsheet application.
Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability.
Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host.
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code.
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code.
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code.
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information.
Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to a lack of user input validation when processing project files.
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.
Delta Electronics DVP15MC11T lacks proper validation of Modbus/TCP packets, which can lead to denial of service.
| CVE ID | Severity | Description |
|---|---|---|
| CVE-2023-5459 | MEDIUM | A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical. Th… |
| CVE-2023-34316 | MEDIUM | An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1… |
| CVE-2023-1137 | MEDIUM | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which … |
| CVE-2018-14824 | MEDIUM | Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulner… |
| CVE-2023-43816 | MEDIUM | A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft vers… |
| CVE-2022-33005 | MEDIUM | A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Elect… |
| CVE-2021-44768 | MEDIUM | Delta Electronics CNCSoft (Version 1.01.30 and prior) is vulnerable to an out-of-bounds read while … |
| CVE-2021-38424 | MEDIUM | The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attack… |
| CVE-2025-57704 | MEDIUM | Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Proce… |
| CVE-2022-2759 | MEDIUM | Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by imp… |
| CVE-2021-38488 | MEDIUM | Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because a… |
| CVE-2021-38428 | MEDIUM | Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because a… |
| CVE-2021-38411 | MEDIUM | Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because a… |
| CVE-2021-38407 | MEDIUM | Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because a… |
| CVE-2021-38403 | MEDIUM | Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because a… |
| CVE-2021-33003 | MEDIUM | Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in … |
| CVE-2021-27455 | MEDIUM | Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while… |
| CVE-2019-10992 | MEDIUM | Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vuln… |
| CVE-2022-42141 | MEDIUM | Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter… |
| CVE-2021-32991 | MEDIUM | Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, wh… |
| CVE-2025-59301 | MEDIUM | Delta Electronics DVP15MC11T lacks proper validation of Modbus/TCP packets, which can lead to denia… |