23 matches found
EUVD-2020-7776
Malware in sbrugna...
EUVD-2020-7777
Malware in sbrugna...
EUVD-2020-7775
Malware in sbrugna...
CVE-2020-15792
A vulnerability has been identified in Desigo Insight All versions. The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack...
CVE-2020-15794
A vulnerability has been identified in Desigo Insight All versions. Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system...
CVE-2020-15793
A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...
The vulnerability of the Desigo Insight building management software lies in the improper restriction on the visible layers of the user interface. This allows a hacker to redirect users to any desired website.
The vulnerability of the Desigo Insight building management software is related to an improper limitation on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to redirect users to any desired website...
CVE-2020-15793
A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...
CVE-2020-15794
A vulnerability has been identified in Desigo Insight All versions. Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system...
CVE-2020-15792
A vulnerability has been identified in Desigo Insight All versions. The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack...
CVE-2020-15794
A vulnerability has been identified in Desigo Insight All versions. Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system...
CVE-2020-15793
A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...
CVE-2020-15792
A vulnerability has been identified in Desigo Insight All versions. The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack...
Information disclosure
A vulnerability has been identified in Desigo Insight All versions. Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system...
Design/Logic Flaw
A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...
Sql injection
A vulnerability has been identified in Desigo Insight All versions. The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack...
CVE-2020-15794
CVE-2020-15794 affects Siemens Desigo Insight (All versions). The web application may reveal absolute file system paths in error messages, enabling an authenticated attacker to retrieve additional information about the host system (information disclosure). Mitigations documented by vendors includ...
CVE-2020-15794
A vulnerability has been identified in Desigo Insight All versions. Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system...
CVE-2020-15792
A vulnerability has been identified in Desigo Insight All versions. The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack...
CVE-2020-15793
CVE-2020-15793 affects Siemens Desigo Insight (all versions). The vulnerability stems from not properly setting the X-Frame-Options header, enabling clickjacking that could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user. The ICSA advisory notes th...