CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1064 matches found

Emerson Dixell XWEB-500 - Arbitrary File Write

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...

10CVSS7.4AI score0.88992EPSS

Exploits1References3

RedhatCVE•added 2026/03/27 2:25 p.m.•3 views

CVE-2021-27465

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorre...

6.1CVSS6.9AI score0.0017EPSS

Exploits0References1

RedhatCVE•added 2026/03/27 2:25 p.m.•8 views

CVE-2021-27461

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs...

7.5CVSS6.6AI score0.00329EPSS

Exploits0References1

RedhatCVE•added 2026/03/27 2:25 p.m.•5 views

CVE-2021-27463

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive...

5.3CVSS6.9AI score0.00164EPSS

Exploits0References1

NVD•added 2026/01/13 11:15 p.m.•2 views

CVE-2022-50930

Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execut...

8.5CVSS0.00027EPSS

Exploits0References4

CVE•added 2026/01/13 10:51 p.m.•11 views

CVE-2022-50930

CVE-2022-50930 concerns Emerson PAC Machine Edition 9.80, where the TrapiServer service has an unquoted service path enabling local users to execute code with elevated privileges during service startup. The vulnerability is characterized as Local, with low attack complexity and no user interactio...

8.5CVSS6.6AI score0.00027EPSS

Exploits0References4

Cvelist•added 2026/01/13 10:51 p.m.•18 views

CVE-2022-50930 Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path

8.5CVSS0.00027EPSS

Exploits0References4

Positive Technologies•added 2026/01/13 12:0 a.m.•1 views

PT-2026-2406

Name of the Vulnerable Software and Affected Versions Emerson PAC Machine Edition version 9.80 Description Emerson PAC Machine Edition 9.80 has an issue with an unquoted service path in the TrapiServer service. This could allow local users to potentially run code with higher privileges. An attack...

8.5CVSS6.5AI score0.00027EPSS

Exploits0References6

CNNVD•added 2026/01/13 12:0 a.m.•1 views

Emerson PAC Machine Edition 代码问题漏洞

Emerson PAC Machine Edition is a development environment software from Emerson USA. A code issue vulnerability exists in Emerson PAC Machine Edition version 9.80, which stems from the presence of unquoted service paths to the TrapiServer service, which could lead to code execution by a local user...

8.5CVSS6.2AI score0.00027EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 11:29 a.m.•9 views

CVE-2021-27457

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access...

7.5CVSS6.8AI score0.00056EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:7 a.m.•5 views

CVE-2020-10636

Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained...

7.5CVSS6.9AI score0.00033EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:31 a.m.•5 views

CVE-2019-16353

Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device...

7.5CVSS7.1AI score0.00334EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:29 a.m.•4 views

CVE-2019-12167

httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter...

6.1CVSS5.9AI score0.00314EPSS

Exploits2References1

Zero Day Initiative•added 2025/12/01 12:0 a.m.•3 views

Emerson Movicon RTUSERS File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Emerson Movicon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS7.3AI score0.02813EPSS

Exploits0References1

CISA•added 2025/11/20 12:0 p.m.•3 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-324-01 Automated Logic WebCTRL Premium Server ICSA-25-324-02 ICAM365 CCTV Camera Multiple Models...

6.6AI score

Exploits0References6

ICS•added 2025/11/20 7:0 a.m.•3 views

Emerson Appleton UPSMON-PRO

RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

9.8CVSS7.9AI score0.02813EPSS

Exploits0References11