60 matches found
CVE-2024-25831
F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting XSS vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...
CVE-2024-25831
F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting XSS vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...
CVE-2024-25830
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the...
CVE-2024-25833
F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database...
Cross site scripting
F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting XSS vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...
Path traversal
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the...
Sql injection
F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database...
Field Logic DataCube3 Security Vulnerability
Field Logic DataCube4 is a small measurement terminal system from Field Logic. A security vulnerability exists in Field Logic DataCube3 version 1.0 that stems from incorrect directory access restrictions and is susceptible to incorrect access control...
Field Logic DataCube3 Permission License and Access Control Issues Vulnerability
Field Logic DataCube4 is a small measurement terminal system from Field Logic. A security vulnerability exists in Field Logic DataCube3 version 1.0 that stems from vulnerability to unrestricted file uploads, which could allow an authenticated malicious actor to upload dangerous types of files by...
CVE-2024-25832
Summary (CVE-2024-25832) : F-logic DataCube3 v1.0 is reported vulnerable to unrestricted file upload by manipulating the filename extension. The issue is classified with high impact (CVSSv3.1: 8.8, HIGH) and requires authentication with low privileges; exploitation could lead to code execution, d...
CVE-2024-25832
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension...
CVE-2024-25831
F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting XSS vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...
CVE-2024-25833
F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database...
CVE-2024-25830
DataCube3 v1.0 suffers from an Incorrect Access Control due to an improper directory access restriction. An unauthenticated remote attacker can exploit this by sending a URI that includes the path of the configuration file, potentially extracting the root and admin passwords . Multiple connected ...
CVE-2024-25832
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension...
CVE-2024-25831
F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting XSS vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...
PT-2024-2172 · Unknown · F-Logic Datacube3
Name of the Vulnerable Software and Affected Versions: F-logic DataCube3 version 1.0 Description: The issue is related to insufficient access control in the F-logic DataCube3 terminal measurement system software for power generation systems. This can be exploited by an unauthenticated, remote...
CVE-2024-25831
Summary: CVE-2024-25831 concerns F-Logic DataCube3 v1.0 with a reflected XSS vulnerability caused by improper input sanitization. The issue allows an authenticated, remote attacker to execute arbitrary JavaScript in the web management interface. The Red Hat, JVN/JPCERT-related entries and multipl...
CVE-2024-25833
CVE-2024-25833 affects Field Logic DataCube3 v1.0. The available data describe an unauthenticated SQL injection vulnerability allowing an attacker to execute arbitrary SQL queries in the database. The vulnerability is rated critical (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Connected docu...
CVE-2024-25833
F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database...