34 matches found
CVE-2019-6549
An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 or Software Version 1.1.13166 through FTP...
CVE-2019-6549
An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 or Software Version 1.1.13166 through FTP...
CVE-2019-6549
CVE-2019-6549 concerns the PR100088 Modbus gateway where plain-text credentials are stored in an XML file and can be retrieved via FTP on all versions prior to Release R02 (or Software Version 1.1.13166). The issue is categorized under Information Exposure Through Get/Internal File Storage, enabl...
Authentication flaw
Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 or Software Version 1.1.13166...
CVE-2019-6527
PR100088 Modbus gateway versions prior to Release R02 or Software Version 1.1.13166 may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted...
CVE-2019-6527
CVE-2019-6527 affects Kunbus PR100088 Modbus gateway: versions prior to Release R02 (or Software Version 1.1.13166) are vulnerable to an improper authentication flaw that may allow an attacker to change an admin password for a user who is currently or previously logged in, provided the device has...
CVE-2019-6527
PR100088 Modbus gateway versions prior to Release R02 or Software Version 1.1.13166 may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted...
PT-2019-18145 · Pr Electronics · Pr100088 Modbus Gateway
Name of the Vulnerable Software and Affected Versions: PR100088 Modbus gateway versions prior to Release R02 or Software Version 1.1.13166 Description: The issue allows registers used to store Modbus values to be read and written from the web interface without authentication. Recommendations: For...
PT-2019-18140 · Unknown · Modbus Gateway
Name of the Vulnerable Software and Affected Versions: Modbus gateway versions prior to Release R02 or Software Version 1.1.13166 Description: The issue allows an attacker to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted...
Kunbus PR100088 Modbus Gateway (Update B)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Kunbus Equipment: PR100088 Modbus gateway Vulnerabilities: Improper Authentication, Information Exposure Through Query Strings in GET Request, Missing Authentication for Critical Function, Imprope...
Advantech MESR901 Detection
Detection of Advantech MESR901 Industrial Modbus Copper Ethernet to Serial Gateway. The script sends a connection request to the server and attempts to detect Advantech MESR901 Modbus Gateway devices and to extract its firmware version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text...
Advantech B + B SmartWorx MESR901 Authentication Bypass Vulnerability
Advantech B + B SmartWorx MESR901 is a Modbus gateway. An authentication bypass vulnerability exists in Advantech B + B SmartWorx MESR901. An attacker can exploit the vulnerability to carry out authentication mechanisms and perform unauthorized operations, leading to further attacks...
Advantech B+B SmartWorx MESR901
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech B+B SmartWorx Equipment: MESR901 Vulnerability: Use of Client-Side Authentication AFFECTED PRODUCTS The following versions of MESR901, a Modbus gateway, are affected: MESR901 firmware versions 1.5.2 and prio...
Advantech EKI Vulnerable to Shellshock, Heartbleed
Twice in the past year, security researchers have found and reported critical vulnerabilities in Modbus gateways built by Advantech that are used to connect serial devices in industrial control environments to IP networks. Most recently, independent security researcher Neil Smith found hard-coded...