CVE-2026-4760 Potential unauthorized access to files on the Web HMI server host

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...

CVE-2026-4760

From CVE-2026-4760, Panorama Web HMI allows an attacker to gain read access to certain Web HMI server files if the attacker knows the file paths and the files are accessible to the Servin process execution account. Affected installations include Panorama Suite 2022-SP1 (22.50.005) unless PS-2210-...

Codra Panorama Suite 安全漏洞

Codra Panorama Suite is an industrial process monitoring software platform developed by the French company Codra. There is a security vulnerability in Codra Panorama Suite, which allows attackers to potentially read files on the Web HMI server...

CVE-2025-41768

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

CVE-2025-41768

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

CVE-2025-41768

Summary: CVE-2025-41768 affects TwinCAT 3 HMI Server. An authenticated administrator can inject arbitrary content into the device’s custom CSS field, which is persisted and later echoed on login and error pages, constituting a stored XSS. The connected Red Hat, NVD, CVE list, and security feeds d...

CVE-2024-4105

A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw Reflected XSS that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...

PROMOTIC SCADA/HMI Webserver Directory Traversal Vulnerability

The host is running PROMOTIC SCADA/HMI Webserver and is prone to directory traversal vulnerability. OpenVAS Vulnerability Test $Id: gbpromoticscadahmiserverdirtravvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ PROMOTIC SCADA/HMI Webserver Directory Traversal Vulnerability Authors: Veerendra G.G...