8 matches found
Carlo Gavazzi Energy Meters Login Brute Force, Extract Info And Dump Plant Database
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Carlo Gavazzi Energy Meters - Login Brute Force, Extract Info and Dump Plant Database', 'Description' = % This module scans for Carlo Gavazzi...
SQL Injection Vulnerability in Smart Meter Integrated Management System of Xintian Technology Corporation (CNVD-2021-70022)
Xintian Technology Co., Ltd. is a professional manufacturer and supplier of water meters, energy meters and gas meters. A SQL injection vulnerability exists in the Smart Meter Integrated Management System of Xintian Technology Corporation, which can be exploited by attackers to obtain sensitive...
SQL Injection Vulnerability in Smart Meter Integrated Management System of Xintian Technology Corporation (CNVD-2021-70043)
Xintian Technology Co., Ltd. is a professional manufacturer and supplier of water meters, energy meters and gas meters. A SQL injection vulnerability exists in the Smart Meter Integrated Management System of Xintian Technology Corporation, which can be exploited by attackers to obtain sensitive...
SQL Injection Vulnerability in Smart Meter Integrated Management System of Xintian Technology Co.
Xintian Technology Co., Ltd. is a professional manufacturer and supplier of water meters, energy meters and gas meters. A SQL injection vulnerability exists in the Smart Meter Integrated Management System of Xintian Technology Corporation, which can be exploited by attackers to obtain sensitive...
CVE-2020-8809
Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attack...
Code injection
Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attack...
CVE-2020-8809
Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attack...
Carlo Gavazzi Energy Meters - Login Brute Force, Extract Info and Dump Plant Database
This module scans for Carlo Gavazzi Energy Meters login portals, performs a login brute force attack, enumerates device firmware version, and attempt to extract the SMTP configuration. A valid, admin privileged user is required to extract the SMTP password. In some older firmware versions, the SM...