FUJI ELECTRIC CO., LTD. Security Vulnerabilities

nessus

Fuji Electric V-Server Detection

Fuji Electric V-Server, a SCADA application used to connect to a PLC via MONITOUCH, is running on the remote...

1.6 AI Score

2017-07-24 12:00 AM
9
nessus

Schneider Electric Accutech Manager Detection

The remote host has Schneider Electric Accutech Manager installed. It is configuration and management software for wireless SCADA...

1.6 AI Score

2013-03-18 12:00 AM
14
openbugbounty

co-vier.nl Improper Access Control vulnerability OBB-3863290

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7 AI Score

2024-03-01 10:51 PM
2
openbugbounty

co-matic.com Cross Site Scripting vulnerability OBB-3858335

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-02-25 09:46 AM
3
cve

CVE-2024-31680

File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php...

8 AI Score

0.0004 EPSS

2024-04-17 12:15 AM
28
nessus

Schneider Electric InduSoft Web Studio Detection

The remote host has Schneider Electric InduSoft Web Studio installed. This is a development and maintenance software for wireless SCADA...

1.2 AI Score

2018-04-18 12:00 AM
12
cve

CVE-2024-34171

Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary...

7.8 CVSS

8 AI Score

2024-05-30 08:15 PM
15
nessus

7-Technologies / Schneider-Electric IGSS Detection

IGSS (Interactive Graphical SCADA System) is installed on the remote Windows host. It is a SCADA system for process control and supervision developed by 7-Technologies /...

2.5 AI Score

2011-03-24 12:00 AM
10
nessus

Schneider Electric InduSoft Web Studio Detection

The remote host is running Schneider Electric InduSoft Web Studio, a software application for managing and monitoring remote SCADA...

0.8 AI Score

2015-06-18 12:00 AM
6
nessus

Schneider Electric FTP Server Default Credentials

The remote FTP server has an account with a known username / password combination, which is hardcoded into the device's firmware and difficult to change or remove. An attacker may be able to use this to gain privileged authenticated access to the system, which could allow for other attacks against....

3.9 AI Score

2006-12-11 12:00 AM
9
cve

CVE-2024-5271

Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code...

7.8 CVSS

8 AI Score

2024-05-30 08:15 PM
14
nessus

Schneider Electric InTouch Machine Edition Detection

The remote host has Schneider Electric InTouch Machine Edition installed. This is an application development and maintenance software for wireless SCADA...

1.1 AI Score

2018-04-18 12:00 AM
9
nessus

Schneider Electric Multiple Products Buffer Overflow

The remote host has Schneider Electric software installed that is affected by a stack-based buffer overflow vulnerability in file 'isObjectModel.dll' of the DTM development kit. This flaw can be exploited by a remote attacker to execute arbitrary...

3.4 AI Score

2015-01-30 12:00 AM
12
nessus

Schneider Electric C-Gate < 2.11.6 Multiple Vulnerabilities

The Schneider Electric C-Gate running on the remote host is affected by multiple vulnerabilities: A path traversal vulnerability exists within the processing of commands sent to the C-Gate server. The issue results from the lack of proper validation of a user-supplied path prior to...

2.1 AI Score

2021-05-26 12:00 AM
11
openbugbounty

co-free.julius-kuehn.de Cross Site Scripting vulnerability OBB-3870099

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-03-12 08:19 PM
4
nuclei

CirCarLife Scada <4.3 - System Log Exposure

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging...

9.1 AI Score

0.944 EPSS

2021-04-24 03:44 PM
4
nessus

Schneider Electric Accutech Manager RFManagerService Heap Overflow

The remote host has a version of Schneider Electric Accutech Manager installed that is affected by a heap overflow vulnerability. By sending a specially crafted GET request to the RFManagerService listening on port 2537, an attacker could cause the service to crash or execute arbitrary...

4.7 AI Score

2013-03-18 12:00 AM
21
nessus

Mitsubishi Electric Automation MC-WorX Suite Detection

Mitsubishi Electric Automation MC-WorX, a suite of software modules for data visualization and SCADA applications, is installed on the remote Windows...

2.4 AI Score

2014-02-25 12:00 AM
11
nessus

Takebishi Electric DeviceXPlorer OPC Server Multiple Vulnerabilities

The version of the Takebishi Electric DeviceXPlorer OPC server installed on the remote Windows host reportedly contains flaws in its data access methods that allow access to arbitrary portions of memory. A remote attacker with access to the OPC interface may be able to leverage these issues to...

7.3 AI Score

2007-03-23 12:00 AM
23
nessus

Schneider Electric Accutech Manager 'RFManagerService' SQL Injection

The remote host has a version of Schneider Electric Accutech Manager installed that is affected by a SQL injection vulnerability. By sending a specially crafted packet to 'RFManagerService' listening on port 2536, an attacker is able to authenticate to the service and then manipulate the...

3.6 AI Score

2013-11-15 12:00 AM
4
cvelist

CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...

7.4 AI Score

2024-05-20 04:16 PM
6
cvelist

CVE-2024-34948

An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP...

7 AI Score

2024-05-20 04:20 PM
9
cve

CVE-2023-23990

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation. This issue affects Redirection for Contact Form 7: from n/a through...

7.6 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-17 07:15 AM
23
osv

CVE-2023-49956

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active...

6.9 AI Score

0.0005 EPSS

2023-12-07 01:15 PM
3
nessus

7-Technologies / Schneider-Electric IGSS ODBC Version Identification

A 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) service is running on the remote Windows host, specifically Odbcixv#se.exe, an IGSS system ODBC component. Here the '#' token represents the version number of the executable, which can...

4.4 AI Score

2016-02-29 12:00 AM
6
nessus

7-Technologies / Schneider-Electric IGSS Data Collector Detection

The Interactive Graphical SCADA System (IGSS) Data Collector 'dc.exe' is running on the remote Windows host. It is an IGSS system component developed by 7-Technologies /...

2 AI Score

2015-12-04 12:00 AM
9
nessus

7-Technologies / Schneider-Electric IGSS ODBC Service Detection

A 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) service is running on the remote Windows host, specifically Odbcixvse.exe, an IGSS system ODBC component. Here the '' token represents the version number of the executable, which can...

4.9 AI Score

2016-02-29 12:00 AM
12
nessus

Schneider Electric InduSoft Web Studio Arbitrary Script Execution

The Schneider Electric InduSoft Web Studio running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this issue to execute arbitrary code by sending a specially crafted packet to the TCP/IP server listening on the default...

1.9 AI Score

2013-11-05 12:00 AM
10
cve

CVE-2024-1067

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the...

7.2 AI Score

0.0004 EPSS

2024-05-03 02:15 PM
27
exploitdb

7.1 AI Score

0.008 EPSS

2024-06-01 12:00 AM
42
openbugbounty

wap-co-nop-sitiowebsc.azurewebsites.net Cross Site Scripting vulnerability OBB-3852309

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-02-13 03:28 PM
10
wpvulndb

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization

Description The WP Post Author plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

6.7 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
6
openbugbounty

co-iki.org Cross Site Scripting vulnerability OBB-3898416

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-04-03 12:40 PM
5
cve

CVE-2023-38817

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...

7.8 CVSS

7.3 AI Score

0.0004 EPSS

2023-10-11 07:15 PM
56
openbugbounty

turn8.co Cross Site Scripting vulnerability OBB-3899708

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-04-04 05:15 AM
3
nessus

Schneider Electric Interactive Graphical SCADA System (IGSS) Unsupported Version

The remote host has a version of Schneider Electric Interactive Graphical SCADA System (IGSS) installed that is prior to 9.x. It is, therefore, no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to...

1.9 AI Score

2013-01-30 12:00 AM
7
osv

CVE-2023-49958

An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is...

7 AI Score

0.0005 EPSS

2023-12-07 01:15 PM
4
cve

CVE-2023-6363

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them...

7.1 AI Score

0.0004 EPSS

2024-05-03 02:15 PM
35
cve

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

7.3 AI Score

2024-05-14 03:14 PM
17
debiancve

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

7.4 AI Score

2024-05-14 03:14 PM
2
ubuntucve

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

7.6 AI Score

2024-05-14 12:00 AM
2
nessus

Schneider Electric ISGG dc.exe File Upload RCE (CVE-2021-22803)

The Schneider Electric IGSS Data Collector (dc.exe) running on the remote host is affected by a remote code execution vulnerability due to the lack of proper validation of user-supplied data. An unauthenticated, remote attacker can exploit this to upload arbitrary files to the remote host and...

9.7 AI Score

2021-11-12 12:00 AM
56
nessus

Schneider Electric InduSoft Web Studio / InTouch Machine Edition < 8.1 RCE

The Schneider Electric InduSoft Web Studio (IWS) or InTouch Machine Edition (ITME) running on the remote host is affected by a remote code execution vulnerability due to a stack overflow condition when handling tag subscription. An unauthenticated, remote attacker can exploit this issue, via a...

2 AI Score

2018-01-22 12:00 AM
11
nessus

Schneider Electric Interactive Graphical SCADA System dc.exe Unspecified Buffer Overflow

The installed version of IGSS is 9.x earlier than 9.0.0.12331 / 10.x earlier than 10.0.0.12320. It is, therefore, reportedly affected by an unspecified buffer overflow vulnerability. By sending specially crafted packets to the dc.exe service on TCP port 12397, an unauthenticated, remote attacker...

4.5 AI Score

2013-01-30 12:00 AM
32
osv

CVE-2023-49955

An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing...

6.9 AI Score

0.0005 EPSS

2023-12-07 01:15 PM
3
nessus

Schneider Electric IGSS Data Server Path Traversal (CVE-2022-24312)

The Schneider Electric IGSS Data Server (IGSSdataServer.exe) running on the remote host is affected by a path traversal vulnerability due to the lack of proper validation of a user-supplied path prior to using it in file operations. An unauthenticated, remote attacker can exploit this, via a...

3.5 AI Score

2022-03-17 12:00 AM
81
osv

CVE-2023-49957

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and...

6.9 AI Score

0.0005 EPSS

2023-12-07 01:15 PM
4
wpvulndb

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization to Rating Manipulation

Description The WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and.....

6.7 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
5
osv

Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

6.7 AI Score

0.0004 EPSS

2024-05-22 12:00 AM
3
redhat

(RHSA-2024:3392) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2 AI Score

0.0004 EPSS

2024-05-28 12:27 PM
2

Total number of security vulnerabilities: 19483