27 matches found
EUVD-2024-43423
Malicious code in bioql PyPI...
CISA Releases Nineteen Industrial Control Systems Advisories
CISA released nineteen Industrial Control Systems ICS advisories on November 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-319-01 Siemens RUGGEDCOM CROSSBOW ICSA-24-319-02 Siemens SIPORT ICSA-24-319-03...
Elvaco M-Bus Metering Gateway CMe3100 Access Control Error Vulnerability
Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco. An access control error vulnerability exists in the Elvaco M-Bus Metering Gateway CMe3100 version 1.12.1, which can be exploited by an attacker to use commands without providing a password, resultin...
Elvaco M-Bus Metering Gateway CMe3100 File Upload Vulnerability
Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco. A file upload vulnerability exists in the Elvaco M-Bus Metering Gateway CMe3100 version 1.12.1, which can be exploited by an attacker to remotely execute code...
Unspecified Vulnerability in Elvaco M-Bus Metering Gateway CMe3100
Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco. A security vulnerability in Elvaco M-Bus Metering Gateway CMe3100 version 1.12.1, which stems from insufficient credential protection, can be exploited by an attacker to impersonate Elvaco and send ...
Elvaco M-Bus Metering Gateway CMe3100 Cross-Site Scripting Vulnerability
Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco. A cross-site scripting vulnerability exists in Elvaco M-Bus Metering Gateway CMe3100 version 1.12.1, which can be exploited by an attacker to bypass authentication and take over the administrator...
CVE-2024-49396
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information...
CVE-2024-49399 Missing Authentication for Critical Function in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information...
CVE-2024-49399 Missing Authentication for Critical Function in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information...
CVE-2024-49399
CVE-2024-49399 affects Elvaco M-Bus Metering Gateway CMe3100 (version 1.12.1). The Red Hat/NVD/CISA-related entries describe a Missing Authentication for Critical Function: an attacker can issue commands without a password, potentially leaking information. Public documents identify the device as ...
CVE-2024-49398 Unrestricted Upload of File with Dangerous Type in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code...
CVE-2024-49398 Unrestricted Upload of File with Dangerous Type in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code...
CVE-2024-49398
The CVE-2024-49398 entry concerns Elvaco M-Bus Metering Gateway CMe3100, affected in version 1.12.1. It describes an Unrestricted Upload of File with a Dangerous Type (CWE-434) vulnerability that may allow remote code execution. Contained documents indicate the issue enables remote execution with...
CVE-2024-49397 Cross-site Scripting in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts...
CVE-2024-49397 Cross-site Scripting in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts...
CVE-2024-49397
Elvaco M-Bus Metering Gateway CMe3100 (version 1.12.1) is affected by CVE-2024-49397, a cross-site scripting (CWE-79) vulnerability in the web interface that can bypass authentication and potentially takeover the administrator account. The issue is documented in multiple sources (e.g., Red Hat, C...
CVE-2024-49396 Insufficiently Protected Credentials in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information...
CVE-2024-49396
CVE-2024-49396 affects Elvaco M-Bus Metering Gateway CMe3100 (version 1.12.1). The flaw is insufficiently protected credentials, enabling an attacker to impersonate Elvaco and send false information. Public documentation from CISA/ICSA notes remote exploitation with low attack complexity and prov...
CVE-2024-49396 Insufficiently Protected Credentials in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information...
Elvaco M-Bus Metering Gateway CMe3100 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Elvaco Equipment : M-Bus Metering Gateway CMe3100 Vulnerabilities : Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Improper Neutralization of...