43 matches found
CVE-2021-22798
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext™ ComBox All Versions...
EUVD-2021-9933
Malicious code in bioql PyPI...
EUVD-2022-35586
Malicious code in bioql PyPI...
EUVD-2022-35588
Malicious code in bioql PyPI...
EUVD-2022-35587
Malicious code in bioql PyPI...
CVE-2022-32516
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery CSRF. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32515
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox All Versions...
Authentication flaw
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox All Versions...
Design/Logic Flaw
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames ...
Cross-site request forgery (CSRF)
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery CSRF. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32516
Schneider Electric Conext ComBox (all versions) is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can cause a configuration override and trigger a reboot loop when a POST-based CSRF is exploited. The issue is a CSRF in the device’s configuration interface that an attacker can ...
CVE-2022-32515
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32517
The CVE-2022-32517 entry describes a CWE-1021 vulnerability in Schneider Electric Conext ComBox (all versions) where there is an improper restriction on rendering UI layers/frames from external addresses. The root cause is the product not restricting rendering within frames against external domai...
CVE-2022-32517
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames ...
Schneider Electric Conext ComBox Cross-Site Request Forgery Vulnerability
The Schneider Electric Conext ComBox is a communication and monitoring device from Schneider Electric France. The Schneider Electric Conext ComBox suffers from a cross-site request forgery vulnerability that can be exploited by a remote attacker to construct a malicious URI, which induces a reque...
Schneider Electric Conext ComBox Security Vulnerability
Schneider Electric Conext ComBox is a powerful communication and monitoring device from Schneider Electric, a French company. A security vulnerability exists in all versions of the Schneider Electric Conext ComBox that stems from an incorrect limit on the number of authentication attempts that...
CVE-2022-32516
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery CSRF. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32516
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery CSRF. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32517
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames ...
Schneider Electric Conext ComBox Security Vulnerability
The Schneider Electric Conext ComBox is a powerful communication and monitoring device from Schneider Electric France. A security vulnerability exists in the Schneider Electric Conext ComBox that stems from an improper restriction on its rendering UI layer or frames that could allow an attacker t...