280 matches found

Prion
added 2012/04/13 5:55 p.m., 18 views

Design/Logic Flaw

The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors...

CVSS 5, AI score 7.2, EPSS 0.01358
Exploits 0, References 1

Cvelist
added 2012/04/13 5:0 p.m., 21 views

CVE-2012-1806

The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack...

AI score 6.7, EPSS 0.02067
Exploits 0, References 2

CVE
added 2012/04/13 5:0 p.m., 51 views

CVE-2012-1807

CVE-2012-1807 is an XSS vulnerability in the web server of the ECOM Ethernet module (Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, H4-ECOM100). The issue affects the web interface and allows remote attackers to inject arbitrary script/HTML via unspecified vectors. ...

CVSS 4.3, AI score 5.8, EPSS 0.01012
Exploits 0, References 1, Affected Software 8

CVE
added 2012/04/13 5:0 p.m., 51 views

CVE-2012-1809

The CVE-2012-1809 entry concerns the web server in Koyo ECOM Ethernet modules (H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, H4-ECOM100). Public sources describe an Uncontrolled Resource Consumption vulnerability (CWE-306) that enables remote attackers to cause a DoS th...

CVSS 5, AI score 6.8, EPSS 0.01358
Exploits 0, References 1, Affected Software 8

CVE
added 2012/04/13 5:0 p.m., 54 views

CVE-2012-1808

CVE-2012-1808 Details across sources show a vulnerability in the web server of Koyo ECOM modules (H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F/100, H4-ECOM, H4-ECOM-F/100). The issue is Missing Authentication for a Critical Function (CWE-306): the web server does not require authentication to perform ...

CVSS 10, AI score 6.9, EPSS 0.03581
Exploits 0, References 2, Affected Software 8

CVE
added 2012/04/13 5:0 p.m., 52 views

CVE-2012-1805

CVE-2012-1805 describes a buffer overflow in the ECOM Ethernet modules (H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, H4-ECOM100) used in DirectLogic DL205/DL06/DL405 PLC families. The root cause is improper handling of long string inputs to unspecified parameters in th...

CVSS 10, AI score 8.2, EPSS 0.05561
Exploits 0, References 2, Affected Software 8

Cvelist
added 2012/04/13 5:0 p.m., 23 views

CVE-2012-1809

The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors...

AI score 6.7, EPSS 0.01358
Exploits 0, References 1

Cvelist
added 2012/04/13 5:0 p.m., 18 views

CVE-2012-1807

Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

AI score 5.7, EPSS 0.01012
Exploits 0, References 1

CVE
added 2012/04/13 5:0 p.m., 52 views

CVE-2012-1806

The CVE-2012-1806 entry concerns weak password requirements in the Koyo ECOM Ethernet modules (H0/H0-ECOM, H2-ECOM, H2-ECOM-F/100, H4-ECOM, H4-ECOM-F/100) used with DirectLogic DL06/DL205/DL405 PLC families. The root cause is a maximum 8-byte password limit enabling brute-force access (CWE-521). ...

CVSS 7.5, AI score 6.9, EPSS 0.02067
Exploits 0, References 2, Affected Software 8

NVD
added 2011/12/17 11:55 a.m., 24 views

CVE-2011-4860

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771 module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a ...

CVSS 10, AI score 6.6, EPSS 0.02832
Exploits 0, References 1

Prion
added 2011/12/17 11:55 a.m., 13 views

Design/Logic Flaw

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771 module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a ...

CVSS 10, AI score 7.2, EPSS 0.02832
Exploits 0, References 1, Affected Software 3

Prion
added 2011/12/17 11:55 a.m., 15 views

Hardcoded credentials

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUTCSE, (3) fdrusers, (4)...

CVSS 10, AI score 7, EPSS 0.0404
Exploits 1, References 7, Affected Software 21

Cvelist
added 2011/12/17 11:0 a.m., 28 views

CVE-2011-4861

The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771 module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502...

AI score 6.8, EPSS 0.03213
Exploits 1, References 1

CVE
added 2011/12/17 11:0 a.m., 78 views

CVE-2011-4860

The vulnerability CVE-2011-4860 affects the Schneider Electric Quantum Ethernet Module NOE 771 (aka Quantum 140NOE771*) where the ComputePassword function derives the fwupgrade password from the MAC address. This allows remote attackers to gain access via (1) ARP requests or (2) Neighbor Solicita...

CVSS 10, AI score 6.8, EPSS 0.02832
Exploits 0, References 1, Affected Software 3

Cvelist
added 2011/12/17 11:0 a.m., 25 views

CVE-2011-4859

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUTCSE, (3) fdrusers, (4)...

AI score 6.4, EPSS 0.0404
Exploits 1, References 7

Cvelist
added 2011/12/17 11:0 a.m., 25 views

CVE-2011-4860

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771 module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a ...

AI score 6.6, EPSS 0.02832
Exploits 0, References 1

CVE
added 2011/12/17 11:0 a.m., 70 views

CVE-2011-4861

The CVE-2011-4861 entry concerns Schneider Electric Quantum Ethernet Module (NOE 771 / Quantum 140NOE771*) that allows remote firmware updates via the MODBUS 125 function code sent to TCP port 502 through the modbus_125_handler. This is a software/firmware update mechanism vulnerability in the de...

CVSS 10, AI score 7.1, EPSS 0.03213
Exploits 1, References 1, Affected Software 3

OpenVAS
added 2011/12/14 12:0 a.m., 14 views

Schneider Electric Quantum Ethernet Module Hardcoded Credentials Authentication Bypass Vulnerability

Schneider Electric Quantum Ethernet Module is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain access to the Telnet port service, Windriver Debug port service, and FTP service. Attackers can exploit this vulnerability to execute arbitrary code within the...

AI score 0.7
Exploits 0, References 4

OpenVAS
added 2011/12/14 12:0 a.m., 85 views

Schneider Electric Quantum Ethernet Module Hardcoded Credentials (Telnet)

Schneider Electric Quantum Ethernet Module is using known default credentials...

CVSS 10, AI score 6.4, EPSS 0.0404
Exploits 2, References 4

Prion
added 2011/02/17 6:0 p.m., 21 views

Design/Logic Flaw

Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.04 SV11 through SV13b, as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an...

CVSS 7.8, AI score 7, EPSS 0.01983
Exploits 0, References 12, Affected Software 3