Lucene search
K

18 matches found

NVD
NVD
added 2024/05/28 7:15 p.m.25 views

CVE-2024-5433

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...

5.3CVSS6.7AI score0.00487EPSS
Exploits0References1
NVD
NVD
added 2024/05/28 7:15 p.m.25 views

CVE-2024-5434

The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...

6.9CVSS6.7AI score0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/28 6:43 p.m.11 views

CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC

The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...

6.9CVSS7.1AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/28 6:43 p.m.32 views

CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC

The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...

6.9CVSS6.7AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/28 6:39 p.m.28 views

CVE-2024-5433 Path Traversal in Campbell Scientific CSI Web Server and RTMC

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...

5.3CVSS6.7AI score0.00487EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.7 views

PT-2024-36224 · Campbell Scientific · Campbell Scientific Csi Web Server

Name of the Vulnerable Software and Affected Versions: Campbell Scientific CSI Web Server affected versions not specified Description: The issue concerns the storage of web authentication credentials in a file with a specific name. The passwords in this file are stored in a weakly encoded format,...

6.9CVSS7.3AI score0.00216EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/28 12:0 a.m.5 views

Campbell Scientific CSI Web Server 路径遍历漏洞

Campbell Scientific CSI Web Server is a web server from Campbell Scientific. A path traversal vulnerability exists in Campbell Scientific CSI Web Server version 1.6 and earlier, which originates from a vulnerability that allows an attacker to gain anonymous, unauthenticated access to files and...

5.3CVSS7.1AI score0.00487EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.9 views

PT-2024-36213 · Campbell Scientific · Campbell Scientific Csi Web Server

Name of the Vulnerable Software and Affected Versions: Campbell Scientific CSI Web Server affected versions not specified Description: The issue allows anonymous, unauthenticated access to files and directories outside of the webserver root directory. This is achieved through a specially crafted...

5.3CVSS7.1AI score0.00487EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/28 12:0 a.m.5 views

Campbell Scientific CSI Web Server 安全漏洞

Campbell Scientific CSI Web Server is a web server from Campbell Scientific. A security vulnerability exists in Campbell Scientific CSI Web Server version 1.6 and prior versions, which originates when the password for a file is stored in a weakly encoded format, which allows an attacker to decode...

6.9CVSS6.9AI score0.00216EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2023/11/20 1:57 a.m.44 views

campbellsci.ca Cross Site Scripting vulnerability OBB-3786845

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.3AI score
Exploits0
NVD
NVD
added 2023/01/26 9:18 p.m.21 views

CVE-2023-0321

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...

9.1CVSS9.2AI score0.00864EPSS
Exploits1References2
Prion
Prion
added 2023/01/26 9:18 p.m.17 views

Default configuration

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...

6.4CVSS8.9AI score0.00864EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.6 views

Campbell Scientific dataloggers 信息泄露漏洞

Campbell Scientific dataloggers CR Series is a line of scientific data loggers from Campbell Scientific. A security vulnerability exists in the Campbell Scientific dataloggers that stems from the fact that they allow an attacker to download configuration files that may contain sensitive informati...

9.1CVSS8.2AI score0.00864EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/01/25 12:0 a.m.28 views

CVE-2023-0321 Disclosure of Sensitive Information on Campbell Scientific Products

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...

9.1CVSS9.2AI score0.00864EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/01/25 12:0 a.m.6 views

PT-2023-16175 · Campbell Scientific · Cr300 +4

Name of the Vulnerable Software and Affected Versions: Campbell Scientific dataloggers versions CR6, CR300, CR800, CR1000, CR3000 Description: The issue allows an attacker to download configuration files, potentially containing sensitive internal network information. By default, the devices have...

9.1CVSS9AI score0.00864EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/01/25 12:0 a.m.6 views

CVE-2023-0321 Disclosure of Sensitive Information on Campbell Scientific Products

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...

9.1CVSS9.1AI score0.00864EPSS
Exploits1References2
CVE
CVE
added 2023/01/25 12:0 a.m.65 views

CVE-2023-0321

CVE-2023-0321 affects Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000. With factory defaults the devices have HTTP and PakBus enabled, and the PakBus port allows downloading, modifying, and uploading configuration files that may contain sensitive internal-network information....

9.1CVSS9.2AI score0.00864EPSS
Exploits1References2Affected Software1
Openbugbounty
Openbugbounty
added 2022/08/13 10:4 p.m.22 views

campbellsci.fr Cross Site Scripting vulnerability OBB-2843987

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Rows per page
Query Builder