PT-2024-1432 · Unknown · Machinesense +3
Name of the Vulnerable Software and Affected Versions: MachineSense devices (affected versions not specified); FeverWarn ESP32 (affected versions not specified); FeverWarn RaspberryPi (affected versions not specified); FeverWarn DataHub RaspberryPi (affected versions not specified). Description: The issue is...
The vulnerability in the hedwig.cgi script of D-Link DIR-859 router software allows a hacker to gain unauthorized access to protected information.
The vulnerability in the hedwig.cgi script of the D-Link DIR-859 firmware stems from improper limitation of a pathname to a restricted directory, involving the getcfg path ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml. Exploiting this vulnerability can allow an attacker to...
Siemens SIMATIC CN 4100 Authorization Bypass Vulnerability
The SIMATIC CN 4100 is a communication node that can be connected to third-party systems. An authorization bypass vulnerability exists in the Siemens SIMATIC CN 4100, which can be exploited by an attacker to remotely log in as root and take control of the device...
CVE-2023-49621
A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device...
Siemens SIMATIC CN 4100 Security Vulnerability
The SIMATIC CN 4100 is a communication node that can be connected to third-party systems. An authorization bypass vulnerability exists in the Siemens SIMATIC CN 4100, which can be exploited by an attacker to remotely log in as root and take control of the device...
PHOENIX CONTACT Automation Worx Software Suite Security Vulnerability
PHOENIX CONTACT Automation Worx Software Suite is an automation Worx software suite from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT Automation Worx Software Suite, which originated from a vulnerability in the incorrect assignment of critical resource privileges,...
CVE-2023-5500
Concrete details found: CVE-2023-5500 maps to Frauscher Sensortechnik FDS102, describing a Code Injection vulnerability (Improper Control of Generation of Code) that could allow a remote attacker with low privileges to gain full control of the device. Affected product: Frauscher FDS102 (noted in ...
CVE-2023-6357 OS Command Injection in multiple CODESYS products
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device...
CVE-2023-24048
Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /manpassword.htm...
CVE-2023-24048
The CVE-2023-24048 entry concerns a CSRF vulnerability in Connectize AC21000 G6 641.139.1.1256. The description states that attackers can gain control of the device via a crafted GET request to /man_password.htm. The connected Red Hat CVE entries reiterate the same description but there is no add...
LOYTEC electronics GmbH LINX Configurator Security Breach
LOYTEC electronics GmbH LINX Configurator is a tool from the Austrian company LOYTEC electronics GmbH for configuring and managing devices on its LINX platform. A security vulnerability in LOYTEC electronics GmbH LINX Configurator version 7.4.10, which stems from the failure to encrypt the...
VulnCheck KEV: CVE-2021-30168
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices...
Design/Logic Flaw
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device...
CVE-2023-5984
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device...
The vulnerability of the software for managing devices in the Zoho ManageEngine Device Control Plus system, related to insufficient access control, allows a perpetrator to circumvent restrictions on USB drives usage.
The vulnerability of the software for managing devices in the Zoho ManageEngine Device Control Plus network is related to deficiencies in access control. Exploiting this vulnerability could allow a hacker to circumvent restrictions on the use of USB drives...
PT-2023-7005 · Schneider Electric · Schneider Electric Powerlogic Ion8650 +1
Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic ION8650, ION8800 (affected versions not specified). Description: A Download of Code Without Integrity Check issue exists, allowing modified firmware to be uploaded during a firmware update procedure initiated by an...
The vulnerability in the firmware of the LS ELECTRIC XBC-DN32U programmable logic controller lies in the lack of authentication for a critical function. This allows attackers to escalate their privileges and gain control over the device.
The vulnerability in the firmware of the LS ELECTRIC XBC-DN32U programmable logic controller lies in the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker to escalate their privileges and gain control over the device...
Apple Releases Security Advisories for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates:...