112 matches found
The vulnerability of the SCADA system’s data server and monitoring tools, such as Custom Reports and IGSS Dashboard, arises due to an incorrect restriction on the path to the restricted access catalog. This allows a perpetrator to execute arbitrary codes.
The vulnerability of the getRMSreportFile function in the SCADA system’s data server and the Custom Reports and IGSS Dashboard monitoring tools exists due to an incorrect restriction on the path name to the restricted access catalog. Exploiting this vulnerability could allow a attacker to execute...
The vulnerability of the indicator panels of the SCADA system’s data server and the monitoring tools such as Custom Reports and IGSS Dashboard allows a intruder to execute any arbitrary code in the target system.
The vulnerability of the indicator panels of the SCADA system’s data server and the monitoring tools such as Custom Reports and IGSS Dashboard is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a perpetrator to execute arbitrary code on the target...
The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports allows a perpetrator to execute arbitrary code.
The vulnerability of the IGSSdataServer.exe executable of the SCADA system’s data server, the DashBoard.exe executable of the IGSS Dashboard, and the RMS16.dll library of the report module Custom Reports is related to insufficient verification of data authenticity. Exploiting this vulnerability...
The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports can also be exploited, allowing an attacker to cause a service failure.
The vulnerability of the IGSSdataServer.exe executable of the SCADA system’s data server, the DashBoard.exe executable of the IGSS Dashboard, and the RMS16.dll library of the report module Custom Reports is related to insufficient verification of data authenticity. Exploiting this vulnerability c...
The vulnerability of the Custom Reports component of the SCADA system’s data server, as well as the monitoring tools of the Custom Reports and IGSS Dashboards, allows a perpetrator to execute arbitrary code.
The vulnerability of the Custom Reports component of the SCADA system’s data server and the Custom Reports and IGSS Dashboard monitoring tools exists due to insufficient verification of input data. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code using a specially...
The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports allows a hacker to delete arbitrary data.
The vulnerability of the IGSSdataServer.exe executable of the SCADA system’s data server, the DashBoard.exe executable of the IGSS Dashboard, and the RMS16.dll library of the report module Custom Reports is related to the absence of authentication for a critical function. Exploiting this...
Pimcore vulnerable to improper quoting of filters in Custom Reports
Impact Since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by manipulating a user to click on a link. The impact of this path traversal and arbitra...
GHSA-VF7Q-G2PV-JXVX Pimcore vulnerable to improper quoting of filters in Custom Reports
Impact Since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by manipulating a user to click on a link. The impact of this path traversal and arbitra...
CVE-2023-28438 Pimcore vulnerable to improper quoting of filters in Custom Reports
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by...
CVE-2023-27983
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...
CVE-2023-27983
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...
Design/Logic Flaw
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affecte...
CVE-2023-27977
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...
Design/Logic Flaw
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...
CVE-2023-27984
A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...
CVE-2023-27984
A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...
Input validation
A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...
CVE-2023-27981
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and prior, IGSS...
CVE-2023-27981
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and prior, IGSS...
Design/Logic Flaw
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and prior, IGSS...