Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in...
7.8CVSS
7.9AI Score
0.001EPSS
Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be...
5.5CVSS
5.4AI Score
0.001EPSS
CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code...
7.8CVSS
7.7AI Score
0.001EPSS
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result,...
7.5CVSS
7.8AI Score
0.007EPSS
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C and Motion Control Setting(GX Works3 related software) versions from 1.035M to 1.042U allows a remote unauthenticated...
7.5CVSS
7.9AI Score
0.013EPSS
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a...
9.1CVSS
9AI Score
0.006EPSS
Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the...
9.8CVSS
9.3AI Score
0.002EPSS
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive...
7.5CVSS
8.6AI Score
0.002EPSS
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream...
6.5CVSS
7AI Score
0.001EPSS
Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated...
9.8CVSS
9.5AI Score
0.002EPSS
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized...
7.5CVSS
7.9AI Score
0.002EPSS
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that...
7.5CVSS
8.9AI Score
0.002EPSS
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or...
7.5CVSS
8.8AI Score
0.002EPSS
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service...
9.8CVSS
9.4AI Score
0.004EPSS
Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary...
9.8CVSS
9.6AI Score
0.011EPSS
Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the...
7.8CVSS
7.4AI Score
0.0004EPSS
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP...
7.5CVSS
7.4AI Score
0.008EPSS
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn...
6.6AI Score
0.878EPSS
Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and...
8.1AI Score
0.076EPSS