57 matches found
Siemens Energy Services
SUMMARY Siemens Energy Services previously known as Managed Applications and Services, sell solutions using Elspec G5 Digital Fault Recorder which contains default credentials with admin privileges. A client configuration with remote access could allow an attacker to gain remote control of the...
CVE-2024-22085
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable...
CVE-2024-22081
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism...
CVE-2024-22079
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism...
CVE-2024-22077
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions...
CVE-2024-22084
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files...
CVE-2024-22082
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system...
CVE-2024-46603
An XML External Entity XXE vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service DoS via a crafted XML payload...
Elspec G5 Digital Fault Recorder Path Traversal (CVE-2024-22079)
An issue was discovered in Elspec G5 digital fault recorder. Directory traversal can occur via the system logs download mechanism. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Elspec G5 Digital Fault Recorder Inconsistent Interpretation of HTTP Requests (CVE-2024-22081)
An issue was discovered in Elspec G5 digital fault recorder. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Elspec G5 Digital Fault Recorder Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-22080)
An issue was discovered in Elspec G5 digital fault recorder. Unauthenticated memory corruption can occur during XML body parsing. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Elspec G5 Digital Fault Recorder Exposure of Information Through Directory Listing (CVE-2024-22082)
An issue was discovered in Elspec G5 digital fault recorder. Unauthenticated directory listing can occur: the web interface cay be abused by an attacker get a better understanding of the operating system. This plugin only works with Tenable.ot. Please visit...
Elspec G5 Digital Fault Recorder Incorrect Default Permissions (CVE-2024-22085)
An issue was discovered in Elspec G5 digital fault recorder. The shadow file is world readable This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...
Elspec G5 Digital Fault Recorder VsFTPd Service Denial of Service (CVE-2021-30047)
Outdated vsftpd service with known DoS issue. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid502820; scriptversion"1.2";...
Elspec G5 Digital Fault Recorder Stored Cross-Site Scripting (CVE-2024-46602)
An issue was discovered in Elspec G5 digital fault recorder. A stored cross-site scripting XSS vulnerability may allow an attacker to execute arbitrary web scripts or HTML. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2024-46602
An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity XXE vulnerability may allow an attacker to cause a Denial of Service DoS via a crafted XML payload...
CVE-2024-46601
CVE-2024-46601 affects Elspec G5 Digital Fault Recorder firmware. A buffer overflow in Firmware v1.2.1.12 (and earlier per sources) could allow code execution on the device. CVSSv3.1 base score 7.5 (HIGH) with network access, no user interaction required, and no confidentiality/integrity impact r...
CVE-2024-46601
Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow...
CVE-2024-46602
Summary: CVE-2024-46602 affects Elspec G5 digital fault recorder, versions 1.2.1.12 and earlier. The issue is an XML External Entity (XXE) vulnerability that may enable a remote attacker to trigger a Denial of Service via a crafted XML payload. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N...
Elspec G5 Digital Fault Recorder 安全漏洞
Elspec G5 Digital Fault Recorder is a digital fault recorder from Elspec, Israel. It is used to monitor and record fault events and waveform data in power systems. A security vulnerability exists in Elspec G5 Digital Fault Recorder version 1.2.1.12 and earlier, which stems from a contained buffer...