Fuji Electric V-Server Detection
Fuji Electric V-Server, a SCADA application used to connect to a PLC via MONITOUCH, is running on the remote...
1.6 AI Score
Schneider Electric Accutech Manager Detection
The remote host has Schneider Electric Accutech Manager installed. It is configuration and management software for wireless SCADA...
1.6 AI Score
co-vier.nl Improper Access Control vulnerability OBB-3863290
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7 AI Score
co-matic.com Cross Site Scripting vulnerability OBB-3858335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php...
8 AI Score
0.0004 EPSS
Schneider Electric InduSoft Web Studio Detection
The remote host has Schneider Electric InduSoft Web Studio installed. This is a development and maintenance software for wireless SCADA...
1.2 AI Score
Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary...
7.8 CVSS
8 AI Score
7-Technologies / Schneider-Electric IGSS Detection
IGSS (Interactive Graphical SCADA System) is installed on the remote Windows host. It is a SCADA system for process control and supervision developed by 7-Technologies /...
2.5 AI Score
Schneider Electric InduSoft Web Studio Detection
The remote host is running Schneider Electric InduSoft Web Studio, a software application for managing and monitoring remote SCADA...
0.8 AI Score
Schneider Electric FTP Server Default Credentials
The remote FTP server has an account with a known username / password combination, which is hardcoded into the device's firmware and difficult to change or remove. An attacker may be able to use this to gain privileged authenticated access to the system, which could allow for other attacks against....
3.9 AI Score
Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code...
7.8 CVSS
8 AI Score
Schneider Electric InTouch Machine Edition Detection
The remote host has Schneider Electric InTouch Machine Edition installed. This is an application development and maintenance software for wireless SCADA...
1.1 AI Score
Schneider Electric Multiple Products Buffer Overflow
The remote host has Schneider Electric software installed that is affected by a stack-based buffer overflow vulnerability in file 'isObjectModel.dll' of the DTM development kit. This flaw can be exploited by a remote attacker to execute arbitrary...
3.4 AI Score
Schneider Electric C-Gate < 2.11.6 Multiple Vulnerabilities
The Schneider Electric C-Gate running on the remote host is affected by multiple vulnerabilities: A path traversal vulnerability exists within the processing of commands sent to the C-Gate server. The issue results from the lack of proper validation of a user-supplied path prior to...
2.1 AI Score
co-free.julius-kuehn.de Cross Site Scripting vulnerability OBB-3870099
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
CirCarLife Scada <4.3 - System Log Exposure
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging...
9.1 AI Score
0.944 EPSS
Schneider Electric Accutech Manager RFManagerService Heap Overflow
The remote host has a version of Schneider Electric Accutech Manager installed that is affected by a heap overflow vulnerability. By sending a specially crafted GET request to the RFManagerService listening on port 2537, an attacker could cause the service to crash or execute arbitrary...
4.7 AI Score
Mitsubishi Electric Automation MC-WorX Suite Detection
Mitsubishi Electric Automation MC-WorX, a suite of software modules for data visualization and SCADA applications, is installed on the remote Windows...
2.4 AI Score
Takebishi Electric DeviceXPlorer OPC Server Multiple Vulnerabilities
The version of the Takebishi Electric DeviceXPlorer OPC server installed on the remote Windows host reportedly contains flaws in its data access methods that allow access to arbitrary portions of memory. A remote attacker with access to the OPC interface may be able to leverage these issues to...
7.3 AI Score
Schneider Electric Accutech Manager 'RFManagerService' SQL Injection
The remote host has a version of Schneider Electric Accutech Manager installed that is affected by a SQL injection vulnerability. By sending a specially crafted packet to 'RFManagerService' listening on port 2536, an attacker is able to authenticate to the service and then manipulate the...
3.6 AI Score
Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...
7.4 AI Score
An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP...
7 AI Score
Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation. This issue affects Redirection for Contact Form 7: from n/a through...
7.6 CVSS
6.9 AI Score
0.0004 EPSS
An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active...
6.9 AI Score
0.0005 EPSS
7-Technologies / Schneider-Electric IGSS ODBC Version Identification
A 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) service is running on the remote Windows host, specifically Odbcixv#se.exe, an IGSS system ODBC component. Here the '#' token represents the version number of the executable, which can...
4.4 AI Score
7-Technologies / Schneider-Electric IGSS Data Collector Detection
The Interactive Graphical SCADA System (IGSS) Data Collector 'dc.exe' is running on the remote Windows host. It is an IGSS system component developed by 7-Technologies /...
2 AI Score
7-Technologies / Schneider-Electric IGSS ODBC Service Detection
A 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) service is running on the remote Windows host, specifically Odbcixvse.exe, an IGSS system ODBC component. Here the '' token represents the version number of the executable, which can...
4.9 AI Score
Schneider Electric InduSoft Web Studio Arbitrary Script Execution
The Schneider Electric InduSoft Web Studio running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this issue to execute arbitrary code by sending a specially crafted packet to the TCP/IP server listening on the default...
1.9 AI Score
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the...
7.2 AI Score
0.0004 EPSS
7.1 AI Score
0.008 EPSS
wap-co-nop-sitiowebsc.azurewebsites.net Cross Site Scripting vulnerability OBB-3852309
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
The WP Post Author plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
6.7 AI Score
0.0004 EPSS
co-iki.org Cross Site Scripting vulnerability OBB-3898416
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...
7.8 CVSS
7.3 AI Score
0.0004 EPSS
turn8.co Cross Site Scripting vulnerability OBB-3899708
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Schneider Electric Interactive Graphical SCADA System (IGSS) Unsupported Version
The remote host has a version of Schneider Electric Interactive Graphical SCADA System (IGSS) installed that is prior to 9.x. It is, therefore, no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to...
1.9 AI Score
An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is...
7 AI Score
0.0005 EPSS
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them...
7.1 AI Score
0.0004 EPSS
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...
7.3 AI Score
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...
7.4 AI Score
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...
7.6 AI Score
Schneider Electric IGSS dc.exe File Upload RCE (CVE-2021-22803)
The Schneider Electric IGSS Data Collector (dc.exe) running on the remote host is affected by a remote code execution vulnerability due to the lack of proper validation of user-supplied data. An unauthenticated, remote attacker can exploit this to upload arbitrary files to the remote host and...
9.7 AI Score
Schneider Electric InduSoft Web Studio / InTouch Machine Edition < 8.1 RCE
The Schneider Electric InduSoft Web Studio (IWS) or InTouch Machine Edition (ITME) running on the remote host is affected by a remote code execution vulnerability due to a stack overflow condition when handling tag subscription. An unauthenticated, remote attacker can exploit this issue, via a...
2 AI Score
Schneider Electric Interactive Graphical SCADA System dc.exe Unspecified Buffer Overflow
The installed version of IGSS is 9.x earlier than 9.0.0.12331 / 10.x earlier than 10.0.0.12320. It is, therefore, reportedly affected by an unspecified buffer overflow vulnerability. By sending specially crafted packets to the dc.exe service on TCP port 12397, an unauthenticated, remote attacker...
4.5 AI Score
An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing...
6.9 AI Score
0.0005 EPSS
Schneider Electric IGSS Data Server Path Traversal (CVE-2022-24312)
The Schneider Electric IGSS Data Server (IGSSdataServer.exe) running on the remote host is affected by a path traversal vulnerability due to the lack of proper validation of a user-supplied path prior to using it in file operations. An unauthenticated, remote attacker can exploit this, via a...
3.5 AI Score
An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and...
6.9 AI Score
0.0005 EPSS
The WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and.....
6.7 AI Score
0.0004 EPSS
Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
6.7 AI Score
0.0004 EPSS
(RHSA-2024:3392) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2 AI Score
0.0004 EPSS