253 matches found
3s-smart Software Solutions CODESYS Control Security Vulnerability
3s-smart Software Solutions CODESYS Control is a suite of industrial control programming software from 3s-smart Software Solutions, Germany. A security vulnerability exists in 3S-Smart Software Solutions CODESYS Control, which can be exploited by an unauthenticated, remote attacker who ca...
CVE-2022-25251
When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated...
PTC Axeda agent Access Control Error Vulnerability
PTC Axeda agent is an agent software from PTC. An access control error vulnerability exists in PTC Axeda agent that allows a remote, unauthenticated attacker to read and modify the configuration of an affected product...
CVE-2020-14504
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings...
CVE-2021-23842
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and...
CVE-2021-33693
SAP Cloud Connector, version 2.0, allows an authenticated administrator to modify a configuration file to inject malicious code that could potentially lead to OS command execution...
Authorization
A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able t...
Rockwell Automation 1734-AENTR Authorization Issue Vulnerability
The Rockwell Automation 1734-AENTR is an industrial device from Rockwell Automation, Inc. It provides an industrial control system. The Rockwell Automation 1734-AENTR suffers from an authorization issue vulnerability that arises from an unauthenticated attacker being able to send a crafted reques...
Hamilton-medical Hamilton-T1 Information Disclosure Vulnerability
The Hamilton-medical Hamilton-T1 is an industrial control device from Hamilton-medical USA. It combines the functionality of a full-featured ICU ventilator with the compactness and ruggedness required for transport. An information disclosure vulnerability exists in the Hamilton-T1...
CVE-2020-8030
An Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...
GE Digital HMI/SCADA iFIX Permission License and Access Control Issues Vulnerability
Genesys PureEngage Digital is an omni-channel customer interaction management platform from Genesys. The platform supports features such as online chat, email and SMS (Short Message Service). A security vulnerability exists in GE Digital HMI/SCADA iFIX that originates from allowing a locally...
CVE-2021-1257 Cisco DNA Center Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The...
UBUNTU-CVE-2020-18185
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment...
Cisco SD-WAN vManage Software License Issue Vulnerability (CNVD-2020-44061)
Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco. An authorization issue vulnerability exists in the web management interface in Cisco SD-WAN vManage Software. A remote attacker could exploit this vulnerability with a...
Grundfos CIM 500 Unprotected Credential Storage Vulnerability
The Grundfos CIM 500 is an Ethernet module from the Danish company Grundfos. A security vulnerability exists in Grundfos CIM 500 versions prior to v06.16.00, which stems from the program storing credentials in plaintext. An attacker could exploit the vulnerability to read sensitive informati...
Cisco IOS XE Command Injection Vulnerability (CNVD-2020-31974)
Cisco IOS XE is an operating system developed by Cisco (United States) for its network equipment. A command injection vulnerability exists in the Web UI in Cisco IOS XE, which stems from the program failing to perform sufficient input validation for HTTP requests. A remote...
CVE-2019-19108
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP...
CVE-2019-12645
A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due to improper file level permissions on an affected devi...
CVE-2018-12667
The SV3C HD Camera L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the...