9 matches found
EUVD-2023-42383
Malicious code in bioql PyPI...
CVE-2023-45321
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS, and this feature is not configurable by...
CVE-2023-46102
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol built on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric...
CVE-2023-46102
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol built on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric...
CVE-2023-45851
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...
Bosch ctrlX HMI Web Panel WR21 Access Control Error Vulnerability
Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in the ctrlX HMI Web Panel WR21 version, which originates from a vulnerability that allows an attacker to force an Android Agent application to connect to a malicious MQTT proxy and send a fake...
Code injection
Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker wi...
CVE-2018-19009
Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker wi...
CVE-2018-19009
CVE-2018-19009 affects Pilz PNOZmulti Configurator (all versions prior to 10.9). The vulnerability stems from clear-text storage of credentials, enabling an authenticated local attacker to view sensitive PMI m107 diag HMI credentials and, with physical access, potentially modify data on that HMI....