36 matches found
EUVD-2018-11303
Malware in sbrugna...
EUVD-2018-11302
Malware in sbrugna...
EUVD-2023-33598
Malicious code in bioql PyPI...
Rockwell Automation PowerMonitor 1000 Unprotected Alternate Channel (CVE-2024-12371)
A device takeover vulnerability exists in the affected product. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset...
CVE-2024-12373 Rockwell Automation PowerMonitor™ 1000 Denial of Service
A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service...
CVE-2024-12373
CVE-2024-12373 affects Rockwell Automation PowerMonitor 1000. The connected materials confirm a denial-of-service vulnerability caused by a buffer overflow in the device, exploitable over the network with no user interaction required. Public sources (ICS advisory ICSA-24-352-03) detail risk: pote...
CVE-2024-12372
CVE-2024-12372 affects Rockwell Automation PowerMonitor 1000. The issue enables denial-of-service and potentially remote code execution via heap memory corruption, exploitable over the network through the device API that allows unauthenticated policy changes (admin creation, factory resets). Seve...
CVE-2024-12372 Rockwell Automation PowerMonitor™ 1000 Denial of Service
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a...
CVE-2024-12371
CVE-2024-12371 affects Rockwell Automation Power Monitor 1000. Vulnerability: API allows unauthenticated creation of a Policyholder user with high privileges (edit operations, admin creation, factory reset). Reported impact includes device takeover and potential for remote code execution/DoS via ...
PT-2024-10278
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Power Monitor 1000 affected versions not specified Description: A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer overflow, potentially causing...
Rockwell Automation PowerMonitor 1000 Cross Site Scripting Vulnerability
Rockwell Automation PowerMonitor 1000 is a power monitoring device from Rockwell Automation. The Rockwell Automation PowerMonitor 1000 suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data, which can be exploited by an...
Rockwell Automation PowerMonitor 1000
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code...
Cross site scripting
The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated...
CVE-2023-2072
CVE-2023-2072 affects Rockwell Automation PowerMonitor 1000. Stored cross-site scripting in the product’s web pages allows code injection by an unauthenticated attacker to impact an authenticated user, potentially enabling remote code execution and compromising confidentiality, integrity, and ava...
CVE-2023-2072 Rockwell Automation PowerMonitor 1000 Cross-Site Scripting Vulnerability
The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated...
CVE-2023-2072 Rockwell Automation PowerMonitor 1000 Cross-Site Scripting Vulnerability
The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated...
Rockwell Automation Allen-Bradley PowerMonitor 1000 跨站脚本漏洞
Rockwell Automation PowerMonitor 1000 is a power monitoring device from Rockwell Automation. The Rockwell Automation PowerMonitor 1000 suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data, which can be exploited by an...
Rockwell Automation Allen-Bradley PowerMonitor 1000 Improper Neutralization of Input During Web Page Generation (CVE-2018-19615)
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user's web browser to gain access to the affected device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Rockwell Automation Equipment: Allen-Bradley PowerMonitor 1000 Vulnerabilities: Cross-site Scripting and Authentication Bypass 2. UPDATE INFORMATION This updated...
Allen-Bradley PowerMonitor 1000 Cross-Site Scripting Vulnerability
Rockwell Automation Allen-Bradley PowerMonitor 1000 is a power monitoring device from Rockwell Automation. A cross-site scripting vulnerability exists in the /Security/Security.shtm page in the Rockwell Automation Allen-Bradley PowerMonitor 1000. A remote attacker can exploit this vulnerability t...