TencentOS Server 2: git (TSSA-2023:0069)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0069 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

AVEVA PI Web API

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disable content security policy protections. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

AVEVA PI Connector for CygNet

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to persist arbitrary code in the administrative portal of the product or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

Moderate: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

The vulnerability of the SCADA system Pult.online, related to inconsistencies in responses to incoming requests, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the SCADA system Pult.online is related to inconsistencies in responses to incoming requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information by sending a specially crafted POST request...

CVE-2025-3611

Mattermost versions 10.7.x = 10.7.0, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

CVE-2024-9787

A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit...

CVE-2024-25008

Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for examp...

CVE-2023-27350

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. ...

CVE-2022-30260

Emerson DeltaV Distributed Control System DCS has insufficient verification of firmware integrity an inadequate checksum approach, and no signature. This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards...

CVE-2022-29965

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface 23/TCP on M-series and SIS CSLS/LSNB/LSNG nodes is controlled by means of utility passwords. These passwords are...

Siemens SiPass

SUMMARY SiPass integrated ACC Advanced Central Controller devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens is preparing fix versions and recommends specific countermeasures for...

CVE-2022-29964

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...

CVE-2022-29963

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...

CVE-2020-21999

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...

CVE-2020-27708

A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged...

CVE-2020-16850

Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to...

CVE-2013-3380

The administrative web interface in the Access Control Server in Cisco Secure Access Control System ACS does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279...

CVE-2013-1200

Session fixation vulnerability in Cisco Secure Access Control System ACS allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787...

Rockwell Automation FactoryTalk Historian ThingWorx

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to launch XXE-based attacks on applications that accept malicious log4net configuration files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...