PT-2023-7123 · Siemens · Sinema Server

Name of the Vulnerable Software and Affected Versions: SINEMA Server V14 All versions Description: A vulnerability has been identified in the SINEMA Server application, where it improperly sanitizes certain SNMP configuration data retrieved from monitored devices. This could allow an attacker wit...

CVE-2023-34317

An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to...

Open Automation Software OAS Platform Input Validation Error Vulnerability

Open Automation Software OAS Platform is an Industrial Internet of Things IoT suite from US-based Open Automation Software, Inc. Designed to help organizations connect data sources to the OAS Platform. An input validation error vulnerability exists in Open Automation Software OAS Platform version...

PT-2023-24809 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 18.00.0072 Description: An improper input validation vulnerability exists in the OAS Engine User Creation functionality. A specially crafted series of network requests can lead to unexpected data ...

"Failed to convert Boot Configuration Data. The system cannot find the file specified. (0x00000002)"

Attemtpting to run P2pvs and get error "Failed to convert Boot Configuration Data. The system cannot find the file specified. 0x00000002" Followed https://support.citrix.com/article/CTX202159 and still same issue...

Schneider Electric EcoStruxure Operator Terminal Expert VXDZ File Parsing Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...

CVE-2023-25948

Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

CVE-2023-25948

Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

Information disclosure

Server information leak of configuration data when an error is generated in response to a specially crafted message...

CVE-2023-25948 Server Data type confusion - info leak

Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

CVE-2023-25948 Server Data type confusion - info leak

Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

CVE-2023-25948

CVE-2023-25948 corresponds to a server information leak of configuration data triggered by errors in response to specially crafted messages for Honeywell Experion PKS, LX, and PlantCruise. Affected products involve Honeywell’s Experion PKS/LX/PlantCruise platforms with root cause described as inf...

PT-2023-3882 · Honeywell · Honeywell Experion Pks +2

Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS affected versions not specified Honeywell Experion LX affected versions not specified Experion PlantCruise affected versions not specified Description: The issue is related to a server information leak of configuration...

Honeywell Products 安全漏洞

Honeywell Products is a line of products from Honeywell USA. A security vulnerability exists in Honeywell Products that originates from the disclosure of server information about configuration data when an error is generated in response to a specially crafted message...

CVE-2023-35873

The Runtime Workbench RWB of SAP NetWeaver Process Integration - version SAPXITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...

CVE-2023-35872

The Message Display Tool MDT of SAP NetWeaver Process Integration - version SAPXIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...

Jenkins: Information disclosure through error stack traces related to agents

A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers...

The vulnerability of the microprogramming software of ABB Terra AC wallboxes—UL40, Terra AC wallbox 80A, Terra AC wallbox UL32A, Terra AC wallbox CE MID, Terra AC wallbox CE Juno, Terra AC wallbox CE PTB, Terra AC wallbox CE Symbiosis, and Terra AC wallbox JP—is related to the transmission of data in an open manner. This allows a intruder to access the configuration data.

The vulnerability of the microprogramming software of ABB Terra AC wallboxes—such as Terra AC wallbox UL40, Terra AC wallbox 80A, Terra AC wallbox UL32A, Terra AC wallbox CE MID, Terra AC wallbox CE Juno, Terra AC wallbox CE PTB, Terra AC wallbox CE Symbiosis, and Terra AC wallbox JP—is related t...

CVE-2023-24546

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts...

Arista Networks CloudVision Portal 安全漏洞

Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring management. A security...