18 matches found
CVE-2024-5433
The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...
CVE-2024-5434
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...
CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...
CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...
CVE-2024-5433 Path Traversal in Campbell Scientific CSI Web Server and RTMC
The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...
PT-2024-36224 · Campbell Scientific · Campbell Scientific Csi Web Server
Name of the Vulnerable Software and Affected Versions: Campbell Scientific CSI Web Server affected versions not specified Description: The issue concerns the storage of web authentication credentials in a file with a specific name. The passwords in this file are stored in a weakly encoded format,...
Campbell Scientific CSI Web Server 路径遍历漏洞
Campbell Scientific CSI Web Server is a web server from Campbell Scientific. A path traversal vulnerability exists in Campbell Scientific CSI Web Server version 1.6 and earlier, which originates from a vulnerability that allows an attacker to gain anonymous, unauthenticated access to files and...
PT-2024-36213 · Campbell Scientific · Campbell Scientific Csi Web Server
Name of the Vulnerable Software and Affected Versions: Campbell Scientific CSI Web Server affected versions not specified Description: The issue allows anonymous, unauthenticated access to files and directories outside of the webserver root directory. This is achieved through a specially crafted...
Campbell Scientific CSI Web Server 安全漏洞
Campbell Scientific CSI Web Server is a web server from Campbell Scientific. A security vulnerability exists in Campbell Scientific CSI Web Server version 1.6 and prior versions, which originates when the password for a file is stored in a weakly encoded format, which allows an attacker to decode...
campbellsci.ca Cross Site Scripting vulnerability OBB-3786845
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-0321
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...
Default configuration
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...
Campbell Scientific dataloggers 信息泄露漏洞
Campbell Scientific dataloggers CR Series is a line of scientific data loggers from Campbell Scientific. A security vulnerability exists in the Campbell Scientific dataloggers that stems from the fact that they allow an attacker to download configuration files that may contain sensitive informati...
CVE-2023-0321 Disclosure of Sensitive Information on Campbell Scientific Products
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...
PT-2023-16175 · Campbell Scientific · Cr300 +4
Name of the Vulnerable Software and Affected Versions: Campbell Scientific dataloggers versions CR6, CR300, CR800, CR1000, CR3000 Description: The issue allows an attacker to download configuration files, potentially containing sensitive internal network information. By default, the devices have...
CVE-2023-0321 Disclosure of Sensitive Information on Campbell Scientific Products
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...
CVE-2023-0321
CVE-2023-0321 affects Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000. With factory defaults the devices have HTTP and PakBus enabled, and the PakBus port allows downloading, modifying, and uploading configuration files that may contain sensitive internal-network information....
campbellsci.fr Cross Site Scripting vulnerability OBB-2843987
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...