18 matches found
EUVD-2023-27653
Malicious code in bioql PyPI...
CVE-2023-6333
The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious JavaScript code during a user's session...
Control By Web Relay Cross-Site Scripting Vulnerability
Control By Web Relay is a web control relay from Control By Web. A security vulnerability exists in Control By Web Relay X-332 and X-301, which stems from susceptibility to a stored cross-site scripting vulnerability that could allow an attacker to inject arbitrary script into the endpoints of a...
A vulnerability in the firmware of the Control By Web X-600M input/output controller for control and monitoring, related to errors during code generation, allows an attacker to execute arbitrary code.
A vulnerability in the firmware of the Control By Web X-600M input/output controller for control and monitoring is related to errors during code generation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by running scripts written ...
CVE-2023-23551
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code...
CVE-2023-23553
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker...
CVE-2023-23553 X-400 Cross-Site Scripting
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker...
CVE-2023-23553
CVE-2023-23553 is a Cross-Site Scripting vulnerability affecting Control By Web X-400 web-enabled industrial I/O controllers. The issue arises from improper input handling during web page generation, allowing leakage of private and session information. Affected products: X-400 devices with firmwa...
CVE-2023-23551 X-600M Code Injection
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code...
CVE-2023-23551
CVE-2023-23551 affects Control By Web X-600M web-enabled industrial I/O controllers. The vulnerability arises from improper generation of code, allowing Lua-script execution that could let an attacker remotely execute arbitrary code via the network. Affected device: X-600M; root cause: code injec...
PT-2023-1509 · Controlbyweb · Control By Web X-600M
Name of the Vulnerable Software and Affected Versions: Control By Web X-600M (affected versions not specified). Description: The issue is related to code injection in Lua scripts, which could allow an attacker to remotely execute arbitrary code. This is due to errors in code generation. The...
PT-2023-19035 · Controlbyweb · Control By Web X-400
Name of the Vulnerable Software and Affected Versions: Control By Web X-400 devices (affected versions not specified). Description: The issue concerns a cross-site scripting attack that could result in private and session information being transferred to the attacker. Recommendations: At the moment,...
Control By Web X-600M Code Injection Vulnerability
Control By Web X-600M is a modular, web-enabled industrial I/O controller from Control By Web. The Control By Web X-600M suffers from a code injection vulnerability that stems from running Lua scripts that are susceptible to code injection attacks. An attacker could exploit this vulnerability to...
Control By Web X-400 Cross-Site Scripting Vulnerability
Control By Web X-400 is a modular, web-enabled industrial I/O controller from Control By Web. A cross-site scripting vulnerability exists in Control By Web X-400. An attacker could exploit this vulnerability to disclose private and session information...
Control By Web X-400, X-600M
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Control By Web Equipment: X-400, X-600M Vulnerabilities: Cross-Site Scripting, Code Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to inject...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems (ICS) advisories on February 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
CVE-2018-18881
A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP-based communications to the device. A physical factory rese...