23 matches found
EUVD-2022-52940
Malicious code in bioql PyPI...
EUVD-2022-52942
Malicious code in bioql PyPI...
EUVD-2022-52943
Malicious code in bioql PyPI...
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the copying of buffers without checking the size of the input data. This allows a malicious actor to cause malfunctions in the system.
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure through a specially crafted HT...
CVE-2022-31484
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of...
CVE-2022-31483
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contai...
CVE-2022-31482
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...
CVE-2022-31480
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service DoS. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...
CVE-2022-31482
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...
CVE-2022-31483
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contai...
CVE-2022-31486
An authenticated attacker can send a specially crafted route to the “editroute.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303...
Design/Logic Flaw
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...
Denial of service
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service DoS. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...
CVE-2022-31483 Arbitrary file write via authenticated OSDP file upload
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contai...
CVE-2022-31482
CVE-2022-31482 is an unauthenticated memory-corruption vector in HID Mercury LNL-4420 devices (advanced_networking.cgi) where an overlong AcctStr string copied via strcpy triggers a crash and forced reboot. This creates an unauthenticated reboot primitive (DoS), and Trellix documents this as part...
CVE-2022-31481 Remote Code Execution via buffer overflow in firmware update process
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP seri...
CVE-2022-31480 Unauthenticated Firmware Upload and Arbitrary Reboot
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service DoS. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...
CVE-2022-31480
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service DoS. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...
CVE-2022-31479
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...
CVE-2022-31482
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...