19 matches found

CNNVD
added 2025/07/10 12:0 a.m. | 1 views

Gallagher Command Centre Server Security Vulnerability

Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Centre Server that stems from a privilege context switching error that could lead to cross-departmental...

CVSS: 5.6 | AI score: 6.7 | EPSS: 0.00051
Exploits: 0 | References: 2

NVD
added 2024/07/11 3:15 a.m. | 9 views

CVE-2024-23317

External Control of File Name or Path CWE-73 in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a distributed in 9.10.1268MR1, 9.00 prior to vCR9.00.240521a...

CVSS: 6.3 | EPSS: 0.00038
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/11 2:39 a.m. | 15 views

CVE-2024-23317

External Control of File Name or Path CWE-73 in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a distributed in 9.10.1268MR1, 9.00 prior to vCR9.00.240521a...

CVSS: 6.3 | AI score: 7.5 | EPSS: 0.00038
Exploits: 0 | References: 1

NVD
added 2024/03/05 3:15 a.m. | 11 views

CVE-2024-22383

Missing release of resource after effective lifetime CWE-772 in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the...

CVSS: 6.2 | AI score: 6.2 | EPSS: 0.00038
Exploits: 0 | References: 1

NVD
added 2024/03/05 3:15 a.m. | 13 views

CVE-2024-21838

Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.0032
Exploits: 0 | References: 1

Vulnrichment
added 2024/03/05 3:11 a.m. | 13 views

CVE-2024-21838

Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.0032
Exploits: 0 | References: 1

NVD
added 2022/08/19 11:15 p.m. | 11 views

CVE-2022-2789

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic...

CVSS: 5.5 | EPSS: 0.00031
Exploits: 0 | References: 1

Prion
added 2022/08/19 11:15 p.m. | 12 views

Design/Logic Flaw

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic PDT files and data blocks data BLD/BLK files...

CVSS: 1.5 | AI score: 6.2 | EPSS: 0.00028
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2022/08/19 11:15 p.m. | 12 views

Design/Logic Flaw

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol...

CVSS: 4.4 | AI score: 7.8 | EPSS: 0.00021
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/08/19 10:33 p.m. | 54 views

CVE-2022-2793

CVE-2022-2793 affects Emerson Proficy Machine Edition 9.00 and earlier. The flaw is Missing Support for Integrity Check (CWE-353): after a connection is established for SRTP, data packets are not authenticated or authorized. The vulnerability can enable data forgery/integrity issues on the SRTP c...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00021
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/08/19 10:33 p.m. | 15 views

CVE-2022-2793

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol...

CVSS: 5.9 | AI score: 8 | EPSS: 0.00021
Exploits: 0 | References: 1

Cvelist
added 2022/08/19 10:32 p.m. | 9 views

CVE-2022-2789

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic...

CVSS: 4.7 | AI score: 5.7 | EPSS: 0.00031
Exploits: 0 | References: 1

CVE
added 2022/08/19 10:32 p.m. | 50 views

CVE-2022-2790

CVE-2022-2790 affects Emerson Electric’s Proficy Machine Edition, version 9.00 and prior. The issue is an improper verification of cryptographic signatures (CWE-347) that leads to failure to properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files). Reported by multiple sour...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.00028
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2022/08/19 12:0 a.m. | 2 views

PT-2022-18691 · Emerson Electric · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior
Description: The issue concerns improper access control, where project data is stored in a directory with improper access control lists, potentially allowing unauthorized...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00107
Exploits: 0 | References: 3

Positive Technologies
added 2022/08/16 12:0 a.m. | 4 views

PT-2022-4364 · Ge Digital · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.00 and prior
Description: The issue is related to an unrestricted upload of files with dangerous types. This allows an attacker to upload and execute malicious files in the target system. The vulnerability i...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00048
Exploits: 0 | References: 6

CNVD
added 2018/03/15 12:0 a.m. | 2 views

SAP Business Process Automation Information Disclosure Vulnerability

SAP Business Process Automation BPA By Redwood is a suite of business process automation solutions from SAP, Germany. A security vulnerability exists in SAP BPA By Redwood versions 9.00 and 9.10. An attacker could exploit the vulnerability to access restricted information...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00329
Exploits: 0 | References: 1

CNVD
added 2017/11/09 12:0 a.m. | 0 views

HP Content Manager Workgroup Service Denial of Service Vulnerability

HP Content Manager is a governance-based enterprise content management system for helping government agencies, regulated industries, and global organizations manage their business content from creation to disposal. A remote denial of service vulnerability exists in HPE Content Manager Workgroup...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00501
Exploits: 0 | References: 1

OpenVAS
added 2012/02/01 12:0 a.m. | 28 views

HP Diagnostics Server 'magentservice.exe' Buffer Overflow Vulnerability

HP Diagnostics Server is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 10 | AI score: 6.8 | EPSS: 0.77481
Exploits: 8 | References: 4

0day.today
added 2006/07/01 12:0 a.m. | 19 views

Opera Web Browser 9.00 (iframe) Remote Denial of Service Exploit

Exploit for multiple platform in category dos / poc: Opera Web Browser 9.00 iframe Remote Denial of Service Exploit. function mystyle if fake.document.styleSheets.length...

AI score: 7.1
Exploits: 0