Wago PFC100/200 Web-Based Management Authentication Timing Information Disclosure (CVE-2019-5135)

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

Intel® Ethernet Controllers and Adapters Advisory

Summary: A potential security vulnerability in some Intel® Ethernet Controllers and Adapters may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-36382 Description: Out-of-bounds write in firmware for som...

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

...

The vulnerabilities of Redfish components and the API of microprogramming software for AMI MegaRAC controllers allow a perpetrator to gain unauthorized access to protected information.

The vulnerability of Redfish components and the API of microprogramming software for AMI MegaRAC controllers is related to insufficient calculation of password hashes. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

Schneider Electric SoMachine HVAC Buffer Overflow Vulnerability

Schneider Electric SoMachine HVAC is a suite of programming software dedicated to Schneider Electric logic controllers from the French company Schneider Electric Schneider Electric. A buffer overflow vulnerability exists in Schneider Electric SoMachine HVAC, which can be exploited by a remote...

CVE-2023-25012

The Linux kernel through 6.1.9 has a Use-After-Free in bigbenremove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long...

AZL-13291 CVE-2023-25012 affecting package kernel for versions less than 5.15.107.1-2

The Linux kernel through 6.1.9 has a Use-After-Free in bigbenremove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long...

Design/Logic Flaw

The Linux kernel through 6.1.9 has a Use-After-Free in bigbenremove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long...

UBUNTU-CVE-2023-25012

The Linux kernel through 6.1.9 has a Use-After-Free in bigbenremove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long...

CVE-2023-25012

The Linux kernel through 6.1.9 has a Use-After-Free in bigbenremove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long...

CVE-2023-25012

The Linux kernel through 6.1.9 has a Use-After-Free in bigbenremove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long...

Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type (CVE-2021-38397)

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. This plugin only works with Tenable.ot. Please visit...

Honeywell Experion PKS and ACE Controllers Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2021-38395)

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. This plugin only works with Tenable.ot. Please visit...

CVE-2023-25012

The Linux kernel through 6.1.9 has a Use-After-Free in bigbenremove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long...

CVE-2022-45789

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert All Versions, EcoStruxure Process Expert All Versions...

CVE-2022-32513

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller -...

CVE-2022-32513

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller -...

Schneider Electric C-Bus Home Automation 安全漏洞

Schneider Electric C-Bus Home Automation is a series of bus-based home automation systems from the French company Schneider Electric. A security vulnerability exists in several Schneider Electric C-Bus product models, which stems from an under-restricted weak password requirement that allows an...

Mitsubishi Electric MELFA Robot Controllers 安全漏洞

Mitsubishi Electric MELFA Robot Controllers are high-precision robotic arm controllers from Mitsubishi Electric Japan. A security vulnerability exists in Mitsubishi Electric MELFA Robot Controllers, which stems from an authentication bypass vulnerability caused by active debugging code, which cou...

Mitsubishi Electric MELFA SD/SQ series and F-series Robot Controllers

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELFA SD/SQ series and F-series Robot Controllers Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...