15 matches found
EUVD-2025-13263
Malicious code in bioql PyPI...
CISA Releases Thirteen Industrial Control Systems Advisories
CISA released thirteen Industrial Control Systems ICS advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-191-01 Siemens SINEC NMS ICSA-25-191-02 Siemens Solid Edge ICSA-25-191-03 Siemens TI...
KUNBUS Revolution Pi 代码问题漏洞
KUNBUS Revolution Pi is an open, modular and cost-effective Raspberry Pi based industrial PC from KUNBUS. A code issue vulnerability exists in the KUNBUS Revolution Pi that stems from a type conversion error that could lead to authentication bypass...
CVE-2025-24522
KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...
CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...
CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...
CVE-2025-35996 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, t...
CVE-2025-35996 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, t...
CVE-2025-24522 KUNBUS Revolution Pi Authentication Bypass by Primary Weakness
KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...
CVE-2025-24522 KUNBUS Revolution Pi Authentication Bypass by Primary Weakness
KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...
CVE-2025-24522
CVE-2025-24522 affects KUNBUS Revolution Pi OS Bookworm 01/2025 where Node-RED authentication is not configured by default. An unauthenticated remote attacker can gain full access to the Node-RED server and execute arbitrary OS commands (impacting PLC control). Connected sources describe the root...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on May 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-121-01 KUNBUS GmbH Revolution Pi ICSMA-25-121-01 MicroDicom DICOM Viewer CISA encourages...
PT-2025-18691 · Kunbus +1 · Kunbus Revolution Pi Os +1
Name of the Vulnerable Software and Affected Versions: KUNBUS Revolution Pi OS Bookworm 01/2025 Description: The issue arises because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server, where the...
KUNBUS Revolution Pi 操作系统命令注入漏洞
KUNBUS Revolution Pi is an open, modular and cost-effective industrial PC based on Raspberry Pi from KUNBUS. The KUNBUS Revolution Pi suffers from an operating system command injection vulnerability that stems from the arrSaveConfig parameter of the php/dal.php endpoint containing an operating...
KUNBUS Revolution Pi 路径遍历漏洞
KUNBUS Revolution Pi is an open, modular and cost-effective Raspberry Pi based industrial PC from KUNBUS. A path traversal vulnerability exists in the KUNBUS Revolution Pi, which stems from the dir parameter of the /pictory/php/getFileList.php page containing a path traversal vulnerability...