Siemens Energy Services

SUMMARY Siemens Energy Services previously known as Managed Applications and Services, sell solutions using Elspec G5 Digital Fault Recorder which contains default credentials with admin privileges. A client configuration with remote access could allow an attacker to gain remote control of the...

CVE-2024-22085

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable...

CVE-2024-22081

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism...

CVE-2024-22079

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism...

CVE-2024-22077

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions...

CVE-2024-22084

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files...

CVE-2024-22082

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system...

CVE-2024-46603

An XML External Entity XXE vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service DoS via a crafted XML payload...

Elspec G5 Digital Fault Recorder VsFTPd Service Denial of Service (CVE-2021-30047)

Outdated vsftpd service with known DoS issue. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid502820; scriptversion"1.2";...

Elspec G5 Digital Fault Recorder Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-22080)

An issue was discovered in Elspec G5 digital fault recorder. Unauthenticated memory corruption can occur during XML body parsing. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Elspec G5 Digital Fault Recorder Stored Cross-Site Scripting (CVE-2024-46602)

An issue was discovered in Elspec G5 digital fault recorder. A stored cross-site scripting XSS vulnerability may allow an attacker to execute arbitrary web scripts or HTML. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Elspec G5 Digital Fault Recorder Inconsistent Interpretation of HTTP Requests (CVE-2024-22081)

An issue was discovered in Elspec G5 digital fault recorder. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Elspec G5 Digital Fault Recorder Exposure of Information Through Directory Listing (CVE-2024-22082)

An issue was discovered in Elspec G5 digital fault recorder. Unauthenticated directory listing can occur: the web interface cay be abused by an attacker get a better understanding of the operating system. This plugin only works with Tenable.ot. Please visit...

Elspec G5 Digital Fault Recorder Path Traversal (CVE-2024-22079)

An issue was discovered in Elspec G5 digital fault recorder. Directory traversal can occur via the system logs download mechanism. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Elspec G5 Digital Fault Recorder Incorrect Default Permissions (CVE-2024-22085)

An issue was discovered in Elspec G5 digital fault recorder. The shadow file is world readable This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

CVE-2024-46602

An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity XXE vulnerability may allow an attacker to cause a Denial of Service DoS via a crafted XML payload...

CVE-2024-46601

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow...

CVE-2024-46602

An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity XXE vulnerability may allow an attacker to cause a Denial of Service DoS via a crafted XML payload...

CVE-2024-46601

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow...

Elspec G5 Digital Fault Recorder 安全漏洞

Elspec G5 Digital Fault Recorder is a digital fault recorder from Elspec, Israel. It is used to monitor and record fault events and waveform data in power systems. A security vulnerability exists in Elspec G5 Digital Fault Recorder version 1.2.1.12 and earlier, which stems from a contained buffer...