97 matches found
CVE-2018-18878
In firmware version MS2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable...
Directory traversal
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a readoutsrd.php directory traversal issue makes it possible to read any file present on the underlying operating system...
Input validation
In firmware version MS2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable...
Cross site scripting
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php...
CVE-2018-18875
CVE-2018-18875 affects Columbia Weather Systems Weather MicroServer firmware MS_2.6.9900 (and prior). It is a stored XSS vulnerability in changestationname.php that could let remote authenticated users inject arbitrary web script. The ICS-CERT advisory notes a fixed firmware MS_2.7.9973 and recom...
CVE-2018-18875
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php...
CVE-2018-18876
CVE-2018-18876 affects Columbia Weather Systems Weather MicroServer firmware MS_2.6.9900 (and earlier). A path traversal vulnerability in readouts_rd.php could allow an attacker over the network to read files from the underlying OS, with confidentiality impact (C:L) and no integrity/availability ...
CVE-2018-18876
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a readoutsrd.php directory traversal issue makes it possible to read any file present on the underlying operating system...
CVE-2018-18877
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page configmain.php that allows manipulation of the device...
CVE-2018-18877
CVE-2018-18877 affects the Columbia Weather MicroServer firmware MS_2.6.9900. An authenticated web user can access an alternate configuration page (config_main.php) and manipulate the device due to improper authentication. The vulnerability is documented with a high CVSS v3 base score (8.8; AV:N/...
CVE-2018-18880
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script...
CVE-2018-18879
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
CVE-2018-18879
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
Command injection
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
CVE-2018-18878
CVE-2018-18878 affects Columbia Weather MicroServer firmware MS_2.6.9900 where the BACnet daemon improperly validates input, allowing a remote attacker to send crafted packets and cause a denial-of-service/unavailability. Red Hat/NVD references corroborate the vulnerability and its high 7.5 (CVSS...
CVE-2018-18878
In firmware version MS2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable...
CVE-2018-18879
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
CVE-2018-18880
CVE-2018-18880 affects Columbia Weather Systems Weather MicroServer firmware MS_2.6.9900. A cross-site scripting flaw in the page networkdiags.php allows remote authenticated users to inject arbitrary web scripts (CWE-79). Root cause: improper input handling in the affected web page. Impact is XS...
CVE-2018-18880
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script...
Columbia Weather Systems Weather MicroServer Unauthorized Access Vulnerability
Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. An authorized access vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and earlier versions. An attacker could use this vulnerability to bypass...