Meteocontrol Web'log Security Vulnerabilities
Meteocontrol WEB'log Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-133-01 Meteocontrol WEB'log Vulnerabilities that was published May 12, 2016, on the NCCIC/ICS‑CERT web site. Independent researcher Karn Ganeshen has identified one authentication and two information exposure...
9.8CVSS
9.7AI Score
0.39EPSS
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per...
8.8CVSS
9.2AI Score
0.001EPSS
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per...
8.8CVSS
9AI Score
0.001EPSS
Cross site request forgery (csrf)
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per...
8.8CVSS
7.2AI Score
0.001EPSS
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per...
8.8AI Score
0.001EPSS
Meteocontrol WEBlog Password Extractor
This module exploits an authentication bypass vulnerability in Meteocontrol WEBLog appliances (software version < May 2016 release) to extract Administrator password for the device management...
7.4AI Score
7.1AI Score
7.4AI Score
9.4CVSS
9.4AI Score
0.39EPSS
Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)
Exploit for multiple platform in category web...
-0.2AI Score
0.39EPSS
9.4CVSS
9.6AI Score
EPSS
0.1AI Score
0.39EPSS
Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)
Meteocontrol WEB’log - Admin Password Disclosure...
9.4CVSS
-0.2AI Score
0.39EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified...
9.8CVSS
9AI Score
0.005EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified...
9.8CVSS
9.2AI Score
0.005EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like...
9.4CVSS
9.9AI Score
0.003EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like...
9.4CVSS
9.8AI Score
0.003EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified...
9.4CVSS
9.2AI Score
0.39EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified...
9.4CVSS
9AI Score
0.39EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified...
9.8CVSS
6.8AI Score
0.005EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified...
9.4CVSS
6.9AI Score
0.39EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like...
9.4CVSS
8.3AI Score
0.003EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like...
9.8AI Score
0.003EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified...
9.2AI Score
0.005EPSS
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified...
9.2AI Score
0.39EPSS
Meteocontrol WEB'log Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-133-01 Meteocontrol WEB'log Vulnerabilities that was published May 12, 2016, on the NCCIC/ICS‑CERT web site. Independent researcher Karn Ganeshen has identified one authentication and two information exposure...
9.8CVSS
0.9AI Score
0.39EPSS