CVE-2021-43938
Elcomplus SmartPTT SCADA Server is vulnerable: an unauthenticated user can request various files from the server without any authentication or authorization...
CVE-2021-43937
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...
Authorization
Elcomplus SmartPTT SCADA Server is vulnerable: an unauthenticated user can request various files from the server without any authentication or authorization...
CVE-2021-43938
Elcomplus SmartPTT SCADA Server (vulnerable component: information exposure via unauthenticated file requests) is affected by CVE-2021-43938. The vulnerability arises from allowing an unauthenticated user to request various files from the server without authentication or authorization, leading to...
CVE-2021-43938 Elcomplus SmartPTT SCADA Server Information Exposure
Elcomplus SmartPTT SCADA Server is vulnerable: an unauthenticated user can request various files from the server without any authentication or authorization...
CVE-2021-43937
The CVE-2021-43937 entry affects Elcomplus SmartPTT SCADA Server, where the web application does not sufficiently verify that a request is intentionally submitted by the user. This is a Cross-site Request Forgery (CSRF) vulnerability (CWE-352) impacting the SmartPTT SCADA Server web interface. Th...
CVE-2021-43937 Elcomplus SmartPTT SCADA Server Cross-site Request Forgery
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...
CVE-2021-43932
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page...
CVE-2021-43939
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints...
CVE-2021-43934
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files...
CVE-2021-43930
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...
Path traversal
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...
Design/Logic Flaw
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files...
Code injection
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page...
CVE-2021-43939 Elcomplus SmartPTT Improper Authorization
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints...
CVE-2021-43939
CVE-2021-43939 affects Elcomplus SmartPTT (SCADA/server endpoints). The vulnerability is improper authorization (CWE-285) that lets a low-authenticated user issue requests to admin-level endpoints, enabling privilege escalation with high impact to confidentiality, integrity and availability. Affe...