CVE-2023-29128

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacke...

CVE-2023-29106

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint...

CVE-2023-29103

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1, SIMATIC Cloud Connect 7 CC716 All versions V2.1. The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected dat...

CVE-2023-29107

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources...

EUVD-2023-32708

Malicious code in bioql PyPI...

EUVD-2023-32706

Malicious code in bioql PyPI...

EUVD-2023-32707

Malicious code in bioql PyPI...

EUVD-2023-32464

Malicious code in bioql PyPI...

EUVD-2025-23883

Malicious code in bioql PyPI...

EUVD-2023-32731

Malicious code in bioql PyPI...

EUVD-2025-16047

Malicious code in bioql PyPI...

EUVD-2023-32710

Malicious code in bioql PyPI...

EUVD-2023-32709

Malicious code in bioql PyPI...

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on August 19, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-231-01 Siemens Desigo CC Product Family and SENTRON Powermanager ICSA-25-231-02 Siemen...

The vulnerability of the monitoring and control device for solar energy systems, Tigo Cloud Connect Advanced (CCA), arises from the use of strictly encrypted account data. This allows attackers to circumvent security restrictions, gain increased privileges, and obtain full control over the device.

The vulnerability of the monitoring and control device for solar energy systems, Tigo Cloud Connect Advanced CCA, lies in the use of strictly encrypted account data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions, gain increased privileges, and obtain full...

The vulnerability of the monitoring and control tool for solar energy systems, Tigo Cloud Connect Advanced (CCA), arises from incorrect generation of session identifiers. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the monitoring and control tool for solar energy systems, Tigo Cloud Connect Advanced CCA, is related to the improper generation of session identifiers. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

The vulnerability of the DEVICE_PING command in the monitoring and control software for solar energy systems, Tigo Cloud Connect Advanced (CCA), allows a hacker to gain unauthorized access to protected information, execute arbitrary commands, or cause service interruptions.

The vulnerability of the DEVICEPING command in the monitoring and management tool for solar energy systems, Tigo Cloud Connect Advanced CCA, is related to the lack of data cleaning at the control level during the processing of the final endpoint /cgi-bin/mobileapi. Exploiting this vulnerability c...

Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection

/ Title : Tigo Energy Cloud Connect Advanced CCA 4.0.1 - Command Injection Author : Byte Reaper CVE : CVE-2025-7769 / include include include include "argparse.h" include include include define FULLURL 2500 define POSTPAYLOAD 5500 const char baseurl = NULL; const char cookies = NULL; const char i...

CVE-2025-7768

Tigo Energy's Cloud Connect Advanced CCA device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar...

CVE-2025-7768

Tigo Energy's Cloud Connect Advanced CCA device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar...