PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting...
6.1CVSS
6.5AI Score
0.0005EPSS
There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password...
9.8CVSS
9.4AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.001EPSS
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin...
6.5CVSS
7.1AI Score
0.0005EPSS
PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then.....
8.8CVSS
9AI Score
0.001EPSS
7.5CVSS
8AI Score
0.001EPSS
PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary...
9.8CVSS
9.3AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.001EPSS
The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic...
9.8CVSS
9.3AI Score
0.001EPSS