Lucene search
+L

112 matches found

BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.7 views

The vulnerability of the SCADA system’s data server and monitoring tools, such as Custom Reports and IGSS Dashboard, arises due to an incorrect restriction on the path to the restricted access catalog. This allows a perpetrator to execute arbitrary codes.

The vulnerability of the getRMSreportFile function in the SCADA system’s data server and the Custom Reports and IGSS Dashboard monitoring tools exists due to an incorrect restriction on the path name to the restricted access catalog. Exploiting this vulnerability could allow a attacker to execute...

7.8CVSS7.8AI score0.00725EPSS
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.7 views

The vulnerability of the indicator panels of the SCADA system’s data server and the monitoring tools such as Custom Reports and IGSS Dashboard allows a intruder to execute any arbitrary code in the target system.

The vulnerability of the indicator panels of the SCADA system’s data server and the monitoring tools such as Custom Reports and IGSS Dashboard is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a perpetrator to execute arbitrary code on the target...

7.8CVSS7.7AI score0.06482EPSS
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.9 views

The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports allows a perpetrator to execute arbitrary code.

The vulnerability of the IGSSdataServer.exe executable of the SCADA system’s data server, the DashBoard.exe executable of the IGSS Dashboard, and the RMS16.dll library of the report module Custom Reports is related to insufficient verification of data authenticity. Exploiting this vulnerability...

10CVSS8AI score0.00403EPSS
Exploits0References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.6 views

The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports can also be exploited, allowing an attacker to cause a service failure.

The vulnerability of the IGSSdataServer.exe executable of the SCADA system’s data server, the DashBoard.exe executable of the IGSS Dashboard, and the RMS16.dll library of the report module Custom Reports is related to insufficient verification of data authenticity. Exploiting this vulnerability c...

6.5CVSS6.7AI score0.00242EPSS
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.7 views

The vulnerability of the Custom Reports component of the SCADA system’s data server, as well as the monitoring tools of the Custom Reports and IGSS Dashboards, allows a perpetrator to execute arbitrary code.

The vulnerability of the Custom Reports component of the SCADA system’s data server and the Custom Reports and IGSS Dashboard monitoring tools exists due to insufficient verification of input data. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code using a specially...

7.8CVSS7.8AI score0.00609EPSS
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.12 views

The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports allows a hacker to delete arbitrary data.

The vulnerability of the IGSSdataServer.exe executable of the SCADA system’s data server, the DashBoard.exe executable of the IGSS Dashboard, and the RMS16.dll library of the report module Custom Reports is related to the absence of authentication for a critical function. Exploiting this...

6.5CVSS6.2AI score0.00437EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2023/03/22 9:23 p.m.35 views

Pimcore vulnerable to improper quoting of filters in Custom Reports

Impact Since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by manipulating a user to click on a link. The impact of this path traversal and arbitra...

8CVSS8.5AI score0.00856EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/03/22 9:23 p.m.23 views

GHSA-VF7Q-G2PV-JXVX Pimcore vulnerable to improper quoting of filters in Custom Reports

Impact Since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by manipulating a user to click on a link. The impact of this path traversal and arbitra...

6.2CVSS7.6AI score0.00856EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/03/22 8:46 p.m.43 views

CVE-2023-28438 Pimcore vulnerable to improper quoting of filters in Custom Reports

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by...

6.2CVSS8.3AI score0.00856EPSS
Exploits0References3
NVD
NVD
added 2023/03/21 2:15 p.m.20 views

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

6.5CVSS6.8AI score0.00437EPSS
Exploits0References1
OSV
OSV
added 2023/03/21 2:15 p.m.4 views

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

5.3CVSS6.1AI score0.00437EPSS
Exploits0References1
Prion
Prion
added 2023/03/21 1:15 p.m.16 views

Design/Logic Flaw

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affecte...

6.4CVSS6.5AI score0.00242EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2023/03/21 12:15 p.m.6 views

CVE-2023-27977

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...

5.3CVSS6.5AI score0.00243EPSS
Exploits0References1
Prion
Prion
added 2023/03/21 12:15 p.m.15 views

Design/Logic Flaw

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...

5CVSS5.5AI score0.00243EPSS
Exploits0References1Affected Software3
NVD
NVD
added 2023/03/21 11:15 a.m.20 views

CVE-2023-27984

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...

8.8CVSS8.5AI score0.00609EPSS
Exploits0References1
OSV
OSV
added 2023/03/21 11:15 a.m.4 views

CVE-2023-27984

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...

8.8CVSS7.8AI score0.00609EPSS
Exploits0References1
Prion
Prion
added 2023/03/21 11:15 a.m.17 views

Input validation

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...

6.8CVSS8.9AI score0.00609EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2023/03/21 10:15 a.m.4 views

CVE-2023-27981

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and prior, IGSS...

8.8CVSS7.8AI score0.00725EPSS
Exploits0References1
NVD
NVD
added 2023/03/21 10:15 a.m.26 views

CVE-2023-27981

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and prior, IGSS...

8.8CVSS8.5AI score0.00725EPSS
Exploits0References1
Prion
Prion
added 2023/03/21 10:15 a.m.16 views

Design/Logic Flaw

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and prior, IGSS...

6.8CVSS8.8AI score0.00725EPSS
Exploits0References1Affected Software3
Rows per page
Query Builder