Lucene search

K

Scada Security Vulnerabilities

cve
cve

CVE-2024-5040

There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own...

7.8CVSS

7.4AI Score

0.001EPSS

2024-05-21 09:15 PM
33
cve
cve

CVE-2022-0369

Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit....

7.2CVSS

7.5AI Score

0.001EPSS

2024-05-07 11:15 PM
29
cve
cve

CVE-2023-39466

Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit....

5.3CVSS

5AI Score

0.0005EPSS

2024-05-03 03:15 AM
27
cve
cve

CVE-2023-39465

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to...

7.5CVSS

7.2AI Score

0.0005EPSS

2024-05-03 03:15 AM
25
cve
cve

CVE-2023-39468

Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required....

7.2CVSS

7.5AI Score

0.0005EPSS

2024-05-03 03:15 AM
23
cve
cve

CVE-2023-39467

Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability....

5.3CVSS

4.9AI Score

0.0005EPSS

2024-05-03 03:15 AM
24
cve
cve

CVE-2023-39463

Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is...

7.2CVSS

7.5AI Score

0.0005EPSS

2024-05-03 03:15 AM
28
cve
cve

CVE-2023-39464

Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this.....

7.2CVSS

7.5AI Score

0.0005EPSS

2024-05-03 03:15 AM
26
cve
cve

CVE-2023-39460

Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this.....

7.2CVSS

7.1AI Score

0.001EPSS

2024-05-03 03:15 AM
25
cve
cve

CVE-2023-39461

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required.....

4.4CVSS

5AI Score

0.0005EPSS

2024-05-03 03:15 AM
25
cve
cve

CVE-2023-39462

Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the...

6.5CVSS

6.8AI Score

0.0005EPSS

2024-05-03 03:15 AM
27
cve
cve

CVE-2023-39458

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit...

5.3CVSS

5.4AI Score

0.0005EPSS

2024-05-03 03:15 AM
23
cve
cve

CVE-2023-39457

Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw...

9.8CVSS

9.8AI Score

0.0005EPSS

2024-05-03 03:15 AM
21
cve
cve

CVE-2023-39459

Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in.....

7.8CVSS

7.4AI Score

0.001EPSS

2024-05-03 03:15 AM
25
cve
cve

CVE-2024-2453

There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote...

6.4CVSS

7.6AI Score

0.0004EPSS

2024-03-21 11:15 PM
31
cve
cve

CVE-2024-21866

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-02-02 12:15 AM
14
cve
cve

CVE-2024-22096

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the...

6.5CVSS

6.4AI Score

0.001EPSS

2024-02-02 12:15 AM
16
cve
cve

CVE-2024-22016

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-02-02 12:15 AM
18
cve
cve

CVE-2024-21869

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see...

6.2CVSS

5.3AI Score

0.0004EPSS

2024-02-02 12:15 AM
14
cve
cve

CVE-2024-21794

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login...

5.4CVSS

5.4AI Score

0.0004EPSS

2024-02-02 12:15 AM
14
cve
cve

CVE-2024-21764

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific...

9.8CVSS

9.2AI Score

0.001EPSS

2024-02-02 12:15 AM
22
cve
cve

CVE-2024-21852

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code...

8.8CVSS

8.7AI Score

0.001EPSS

2024-02-01 11:15 PM
14
cve
cve

CVE-2023-33472

An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers...

8.8CVSS

9AI Score

0.002EPSS

2024-01-13 02:15 AM
9
cve
cve

CVE-2023-6061

Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an...

7.8CVSS

7.7AI Score

0.001EPSS

2023-12-08 12:15 AM
7
cve
cve

CVE-2023-33873

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-11-15 05:15 PM
31
cve
cve

CVE-2023-34982

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of...

7.1CVSS

6.8AI Score

0.0004EPSS

2023-11-15 05:15 PM
27
cve
cve

CVE-2023-5986

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is....

8.2CVSS

6AI Score

0.0005EPSS

2023-11-15 04:15 AM
13
cve
cve

CVE-2023-5987

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected....

6.1CVSS

6.1AI Score

0.0005EPSS

2023-11-15 04:15 AM
13
cve
cve

CVE-2023-42493

EisBaer Scada - CWE-256: Plaintext Storage of a...

9.8CVSS

9.3AI Score

0.001EPSS

2023-10-25 06:17 PM
10
cve
cve

CVE-2023-42489

EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical...

9.8CVSS

9.4AI Score

0.001EPSS

2023-10-25 06:17 PM
7
cve
cve

CVE-2023-42491

EisBaer Scada - CWE-285: Improper...

9.8CVSS

9.4AI Score

0.001EPSS

2023-10-25 06:17 PM
11
cve
cve

CVE-2023-42492

EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic...

9.8CVSS

9.4AI Score

0.001EPSS

2023-10-25 06:17 PM
6
cve
cve

CVE-2023-42490

EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized...

7.5CVSS

7.5AI Score

0.001EPSS

2023-10-25 06:17 PM
9
cve
cve

CVE-2023-42488

EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path...

7.5CVSS

7.5AI Score

0.001EPSS

2023-10-25 06:17 PM
6
cve
cve

CVE-2023-42494

EisBaer Scada - CWE-749: Exposed Dangerous Method or...

9.8CVSS

9.4AI Score

0.001EPSS

2023-10-25 06:17 PM
10
cve
cve

CVE-2023-5391

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the...

9.8CVSS

9.4AI Score

0.002EPSS

2023-10-04 07:15 PM
40
cve
cve

CVE-2023-4986

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this.....

2.5CVSS

4.1AI Score

0.0004EPSS

2023-09-15 03:15 PM
11
cve
cve

CVE-2023-4985

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be.....

7.8CVSS

7.7AI Score

0.0004EPSS

2023-09-15 03:15 PM
15
cve
cve

CVE-2023-4516

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-09-14 09:15 AM
26
cve
cve

CVE-2023-4485

ARDEREG ​Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the....

9.8CVSS

9.8AI Score

0.001EPSS

2023-09-06 12:15 AM
23
cve
cve

CVE-2023-0956

External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the...

7.5CVSS

7.4AI Score

0.001EPSS

2023-08-03 07:15 PM
17
cve
cve

CVE-2023-1437

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute...

9.8CVSS

9.7AI Score

0.001EPSS

2023-08-02 11:15 PM
17
cve
cve

CVE-2023-2866

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA...

7.8CVSS

7.4AI Score

0.001EPSS

2023-06-07 09:15 PM
21
cve
cve

CVE-2023-2187

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event"....

5.3CVSS

5.3AI Score

0.001EPSS

2023-06-07 07:15 AM
14
cve
cve

CVE-2023-2186

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string...

9.8CVSS

9.4AI Score

0.002EPSS

2023-06-07 07:15 AM
15
cve
cve

CVE-2023-32540

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code...

9.8CVSS

9.4AI Score

0.001EPSS

2023-06-06 12:15 AM
16
cve
cve

CVE-2023-32628

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code...

9.8CVSS

9.5AI Score

0.002EPSS

2023-06-06 12:15 AM
13
cve
cve

CVE-2023-22450

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code...

7.2CVSS

7.1AI Score

0.001EPSS

2023-06-06 12:15 AM
12
cve
cve

CVE-2023-30459

SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by...

7.2CVSS

7.4AI Score

0.003EPSS

2023-04-14 03:15 PM
25
cve
cve

CVE-2022-41976

An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user...

9.9CVSS

8.6AI Score

0.004EPSS

2023-04-10 03:15 PM
20
Total number of security vulnerabilities286