
862 matches found

CNNVD
added 2023/11/22 12:0 a.m. · 1 views

Chalemelon Power Security Breach

Chalemelon Power is a shopping platform for virtual experiences. A security vulnerability exists in version 1.0 of the Chalemelon Power framework, which stems from a path traversal vulnerability in the getImage parameter. The vulnerability can be exploited to read files on the server and access...

7.5 CVSS · 6.5 AI score · 0.00923 EPSS
Exploits 0 · References 2
Citrix
added 2023/11/22 12:0 a.m. · 10 views

Citrix Delivery Controllers generates Event ID 505 and Event ID 3602 continuously

Upgrading CVAD version to 2308 generates "Citrix ConfigSync Service" with "Event ID 505" and "Citrix High Availability Service" with "Event ID 3602". The Citrix Config Sync Service failed an import. Error details: Error importing configuration data into secondary Broker...

7.2 AI score
Exploits 0
OSV
added 2023/11/15 12:15 a.m. · 3 views

CVE-2023-39337

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious...

9.1 CVSS · 5.8 AI score · 0.01897 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2023/11/15 12:0 a.m. · 3 views

The vulnerability of the software for designing, operating, and maintaining COMOS technological installations lies in the transfer of accounting data in unencrypted form, allowing a perpetrator to gain access to configuration data.

The vulnerability of COMOS’ software for the design, operation, and maintenance of technological installations lies in the transfer of accounting data in an unencrypted form. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to configuration data...

3.5 CVSS · 7.2 AI score · 0.00309 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/11/14 12:0 a.m. · 3 views

PT-2023-6874 · Comos · Comos

Name of the Vulnerable Software and Affected Versions: COMOS versions prior to V10.4.4 Description: The issue is related to the transmission of credentials in unencrypted form, potentially allowing a remote attacker to access configuration data. The caching system in the affected application leak...

7.5 CVSS · 7.3 AI score · 0.00309 EPSS
Exploits 0 · References 6
VulnCheck KEV
added 2023/11/13 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

9.8 CVSS · 7.3 AI score · 0.12351 EPSS
Exploits 0 · References 1
Cvelist
added 2023/10/26 6:46 p.m. · 24 views

CVE-2023-31416 Elastic Cloud on Kubernetes (ECK) secret token configuration issue

Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...

5.3 CVSS · 5.5 AI score · 0.00364 EPSS
Exploits 0 · References 2
CVE
added 2023/10/24 10:42 p.m. · 86 views

CVE-2023-46125

CVE-2023-46125 affects the Fides open-source privacy platform. The vulnerability arises in the webserver API’s GET /api/v1/config endpoint, where configuration data is returned with sensitive internals and backend details (e.g., settings, server addresses/ports, database username) despite filteri...

6.5 CVSS · 6.3 AI score · 0.00722 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/10/24 10:42 p.m. · 31 views

CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

6.5 CVSS · 6.2 AI score · 0.00722 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2023/10/21 12:0 a.m. · 2 views

The vulnerability of the SICAM PAS/PQS automation software for controlling electrical energy facilities lies in the improper assignment of permissions for critical resources during the verification of the certificate signing request. This allows a violator to read and modify these configuration data within the context of the application process.

The vulnerability of the SICAM PAS/PQS software for automating control systems in electrical energy facilities is related to the incorrect assignment of permissions to critical resources. Exploiting this vulnerability could allow an attacker to read and modify configuration data during the...

6.6 CVSS · 5.5 AI score · 0.00149 EPSS
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2023/10/12 12:0 a.m. · 18 views

Siemens SICAM PAS/PQS Incorrect Privilege Assignment Vulnerability

Siemens SICAM PAS/PQS is a software from Siemens with an operating system for energy automation and power quality. Siemens SICAM PAS/PQS suffers from an incorrect privilege assignment vulnerability that can be exploited by an attacker to read and modify configuration data in the context of an...

6.6 CVSS · 5 AI score · 0.00149 EPSS
Exploits 0 · References 1
CNVD
added 2023/10/11 12:0 a.m. · 14 views

Siemens SINEC NMS Cross-Site Scripting Vulnerability

Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A cross-site scripting vulnerability exists in the Siemens SINEC NMS...

5.4 CVSS · 5.1 AI score · 0.00296 EPSS
Exploits 0 · References 1
OSV
added 2023/10/10 11:15 a.m. · 1 views

CVE-2023-38640

A vulnerability has been identified in SICAM PAS/PQS All versions = V8.00 V8.22. The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the applicatio...

4.4 CVSS · 5.7 AI score · 0.00149 EPSS
Exploits 0 · References 2
NVD
added 2023/10/10 11:15 a.m. · 13 views

CVE-2023-38640

A vulnerability has been identified in SICAM PAS/PQS All versions = V8.00 V8.22. The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the applicatio...

6.6 CVSS · 6.1 AI score · 0.00149 EPSS
Exploits 0 · References 2
NVD
added 2023/10/10 11:15 a.m. · 19 views

CVE-2023-35796

A vulnerability has been identified in SINEMA Server V14 All versions. The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead...

9 CVSS · 8.2 AI score · 0.00594 EPSS
Exploits 0 · References 1
Prion
added 2023/10/10 11:15 a.m. · 10 views

Design/Logic Flaw

A vulnerability has been identified in SICAM PAS/PQS All versions = V8.00 V8.22. The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the applicatio...

3.2 CVSS · 4.3 AI score · 0.00149 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/10/10 10:21 a.m. · 13 views

CVE-2023-38640

A vulnerability has been identified in SICAM PAS/PQS All versions = V8.00 V8.22. The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the applicatio...

6.6 CVSS · 6.2 AI score · 0.00149 EPSS
Exploits 0 · References 2
Cvelist
added 2023/10/10 10:21 a.m. · 21 views

CVE-2023-38640

A vulnerability has been identified in SICAM PAS/PQS All versions = V8.00 V8.22. The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the applicatio...

6.6 CVSS · 6.2 AI score · 0.00149 EPSS
Exploits 0 · References 2
CNNVD
added 2023/10/10 12:0 a.m. · 3 views

Siemens SINEC NMS Cross-Site Scripting Vulnerability

Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A cross-site scripting vulnerability exists in the Siemens SINEC NMS...

5.4 CVSS · 6 AI score · 0.00296 EPSS
Exploits 0 · References 3
CNNVD
added 2023/10/10 12:0 a.m. · 3 views

Siemens SICAM PAS/PQS Security Vulnerability

Siemens SICAM PAS/PQS is a software from Siemens with an operating system for energy automation and power quality. Siemens SICAM PAS/PQS suffers from an incorrect privilege assignment vulnerability that can be exploited by an attacker to read and modify configuration data in the context of an...

6.6 CVSS · 6.8 AI score · 0.00149 EPSS
Exploits 0 · References 2