280 matches found
Design/Logic Flaw
The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service resource consumption via unspecified vectors...
CVE-2012-1806
The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2012-1807
CVE-2012-1807 is an XSS vulnerability in the web server of the ECOM Ethernet module (Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, H4-ECOM100). The issue affects the web interface and allows remote attackers to inject arbitrary script/HTML via unspecified vectors. ...
CVE-2012-1809
The CVE-2012-1809 entry concerns the web server in Koyo ECOM Ethernet modules (H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, H4-ECOM100). Public sources describe an Uncontrolled Resource Consumption vulnerability (CWE-306) that enables remote attackers to cause a DoS th...
CVE-2012-1808
CVE-2012-1808 Details across sources show a vulnerability in the web server of Koyo ECOM modules (H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F/100, H4-ECOM, H4-ECOM-F/100). The issue is Missing Authentication for a Critical Function (CWE-306): the web server does not require authentication to perform ...
CVE-2012-1805
CVE-2012-1805 describes a buffer overflow in the ECOM Ethernet modules (H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, H4-ECOM100) used in DirectLogic DL205/DL06/DL405 PLC families. The root cause is improper handling of long string inputs to unspecified parameters in th...
CVE-2012-1809
The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service resource consumption via unspecified vectors...
CVE-2012-1807
Cross-site scripting XSS vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-1806
The CVE-2012-1806 entry concerns weak password requirements in the Koyo ECOM Ethernet modules (H0/H0-ECOM, H2-ECOM, H2-ECOM-F/100, H4-ECOM, H4-ECOM-F/100) used with DirectLogic DL06/DL205/DL405 PLC families. The root cause is a maximum 8-byte password limit enabling brute-force access (CWE-521). ...
CVE-2011-4860
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device aka the Quantum 140NOE771 module generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a ...
Design/Logic Flaw
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device aka the Quantum 140NOE771 module generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a ...
Hardcoded credentials
The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...
CVE-2011-4861
The modbus125handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device aka the Quantum 140NOE771 module allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502...
CVE-2011-4860
The vulnerability CVE-2011-4860 affects the Schneider Electric Quantum Ethernet Module NOE 771 (aka Quantum 140NOE771*) where the ComputePassword function derives the fwupgrade password from the MAC address. This allows remote attackers to gain access via (1) ARP requests or (2) Neighbor Solicita...
CVE-2011-4859
The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...
CVE-2011-4860
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device aka the Quantum 140NOE771 module generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a ...
CVE-2011-4861
The CVE-2011-4861 entry concerns Schneider Electric Quantum Ethernet Module (NOE 771 / Quantum 140NOE771*) that allows remote firmware updates via the MODBUS 125 function code sent to TCP port 502 through the modbus_125_handler. This is a software/firmware update mechanism vulnerability in the de...
Schneider Electric Quantum Ethernet Module Hardcoded Credentials Authentication Bypass Vulnerability
Schneider Electric Quantum Ethernet Module is prone to an authentication- bypass vulnerability. Attackers can exploit this issue to gain access to the Telnet port service, Windriver Debug port service, and FTP service. Attackers can exploit this vulnerability to execute arbitrary code within the...
Schneider Electric Quantum Ethernet Module Hardcoded Credentials (Telnet)
Schneider Electric Quantum Ethernet Module is using known default credentials. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
Cisco Nexus 1000V Virtual Ethernet Module VEM 4.04 SV11 through SV13b, as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service ESX or ESXi host OS crash by sending an 802.1Q tagged packet over an...