Lucene search
K

52 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-23755

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.0062EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/01/17 2:8 p.m.10 views

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a varie...

9.3CVSS10AI score0.02341EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/12/10 12:0 a.m.5 views

The vulnerability of microprogrammed software in embedded network control controllers for building automation systems, such as ASPECT Enterprise, NEXUS Series, and MATRIX Series, arises from improper validation of certain types of input data. This allows unauthorized access by attackers to the device.

The vulnerability of microprogrammed software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to improper validation of certain types of input data. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized acces...

10CVSS5.4AI score0.00449EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichment
added 2024/03/21 3:54 p.m.14 views

CVE-2024-29019 ESPHome vulnerable to Authentication bypass via Cross site request forgery

ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 command line installation are vulnerable to Cross-Site Request Forgery CSRF allowing remote attackers to carry out attacks against a logged...

8.1CVSS6.7AI score0.00269EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/08/04 12:0 a.m.7 views

The vulnerability of the data exchange server between automation systems and devices, using the OPC AO-OPC standard, arises from the absence of quotation marks in the syntax of elements or search paths. This allows attackers to execute arbitrary code and increase their privileges.

The vulnerability of the data exchange server between automation systems and devices, using the OPC AO-OPC standard, is related to the absence of quotation marks in the syntax of elements or search paths. Exploiting this vulnerability allows attackers to execute arbitrary code and increase their...

7.2CVSS7AI score0.00153EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/05/23 9:15 p.m.8 views

CVE-2023-1508

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3...

9.8CVSS9.9AI score0.0062EPSS
Exploits0References2
Prion
Prion
added 2023/05/23 9:15 p.m.14 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection.This issue affects Mobilmen Terminal Software: before 3...

7.5CVSS9.7AI score0.0062EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/05/23 8:0 p.m.40 views

CVE-2023-1508

Summary: A SQL Injection vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software (Mobilmen Terminal Software) affects versions before 3 due to improper neutralization of special elements in SQL commands. Impact: high confidentiality, integrity, and availability (CVSS v3.1 base ...

9.8CVSS7.4AI score0.0062EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/05/23 8:0 p.m.16 views

CVE-2023-1508 SQLi in AdamPOS's Mobilmen Terminal Software

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3...

9.8CVSS10AI score0.0062EPSS
Exploits0References2
Trellix
Trellix
added 2022/08/25 12:0 a.m.17 views

A Door Isn’t a Door When It’s Ajar - Part 3

A Door Isn’t a Door When It’s Ajar - Part III By Trellix · August 25, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Installing OnGuard by Third Party Vendor Exploitation and Hacking the Planet! Putting it all Together Building the Final Demo System The Demo Lessons and...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/28 11:30 a.m.197 views

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October...

9.8CVSS2.2AI score0.99999EPSS
Exploits63
CNVD
CNVD
added 2022/06/27 12:0 a.m.19 views

Elcomplus LLC SmartICS Path Traversal Vulnerability

Elcomplus LLC SmartICS is a builder of top-level visualizations for industrial automation systems from Elcomplus LLC. A path traversal vulnerability exists in Elcomplus LLC SmartICS, which stems from inadequate validation of file names. An attacker could exploit this vulnerability to perform a pa...

4CVSS4.2AI score0.00587EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.46 views

Siemens TIA Administrator Denial of Service Vulnerability

SIMATIC PCS neo is a distributed control system DCS.TIA Administrator is a web-based framework.Siemens Network Planner SINETPLAN supports you as a planner of PROFINET-based automation systems.TIA Portal is a PC A denial of service vulnerability exists in Siemens TIA Administrator, which can be...

7.8CVSS3.6AI score0.01376EPSS
Exploits0References1
Securelist
Securelist
added 2022/03/03 10:0 a.m.19 views

Threat landscape for industrial automation systems, H2 2021

2021 is the second year we have spent living and working in the pandemic. By 2021 everyone got used to pandemic limitations – industrial organization employees and IT security professionals and threat actors. If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable,...

1AI score
Exploits0
NVD
NVD
added 2021/11/16 4:15 p.m.11 views

CVE-2021-3958

Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0...

9.8CVSS0.14501EPSS
Exploits1References1
Prion
Prion
added 2021/11/16 4:15 p.m.16 views

Sql injection

Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0...

7.5CVSS9.7AI score0.14501EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/11/16 3:46 p.m.52 views

CVE-2021-3958

CVE-2021-3958 is a SQL injection vulnerability in IPack SCADA Automation Software caused by improper handling of parameters. It affects IPack SCADA Software versions prior to 1.1.0 and is described as Blind SQL Injection with potential for remote exploitation over network. Public records indicate...

9.8CVSS9.9AI score0.14501EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/11/16 3:46 p.m.24 views

CVE-2021-3958 SQL Injection Vulnerability in Ipack SCADA Software

Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0...

9.8CVSS10AI score0.14501EPSS
Exploits1References1
Prion
Prion
added 2021/11/09 12:15 p.m.22 views

Design/Logic Flaw

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

5CVSS8.2AI score0.01477EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/11/09 11:31 a.m.24 views

CVE-2021-31882

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303. The DHCP client application does not validate the length of the Domain Name Server IP options 0x06 when processing DHCP ACK packets. This may lead to...

6.5CVSS8.7AI score0.01476EPSS
Exploits0References6
Rows per page
Query Builder