Lucene search
K

90 matches found

Cvelist
Cvelist
added 2022/06/14 9:21 a.m.15 views

CVE-2022-30229

A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known...

8.6CVSS5.4AI score0.00712EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.5 views

Siemens SICAM GridEdge Essential 访问控制错误漏洞

SICAM GridEdge enables IoT functionality in your existing IEC 61850 devices with just a few clicks.An authentication error vulnerability in Siemens SICAM GridEdge results from the fact that the affected software does not authenticate access to privileged functions, which can be exploited to creat...

9.8CVSS5.5AI score0.01027EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.7 views

Siemens SICAM GridEdge Essential 授权问题漏洞

SICAM GridEdge enables IoT functionality in your existing IEC 61850 devices with just a few clicks.Siemens SICAM GridEdge is vulnerable to an authentication error, which stems from the fact that the affected software does not require authenticated access to privileged functions and can be exploit...

8.6CVSS5.6AI score0.00712EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/03/08 12:0 a.m.6 views

PT-2022-16671 · Unknown · Simple Diagnostics Agent

Name of the Vulnerable Software and Affected Versions: The Simple Diagnostics Agent versions 1.0 up to version 1.57 Description: The issue concerns the lack of authentication checks for functionalities accessible via localhost on http port 3005. This allows an attacker to access administrative or...

7.8CVSS7.5AI score0.00508EPSS
Exploits2References6
ICS
ICS
added 2022/03/08 12:0 a.m.165 views

Siemens RUGGEDCOM ROS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

6.8AI score
Exploits0References10
CNVD
CNVD
added 2021/10/08 12:0 a.m.28 views

ECOA BAS controller unauthorized access vulnerability

ECOA BAS controller is an intelligent lighting control solution. an unauthorized access vulnerability exists in ECOA BAS controller, which can be exploited by remote attackers to bypass authorization to access hidden resources in the system and perform privileged functions...

6.5CVSS4.8AI score0.00842EPSS
Exploits1
CNNVD
CNNVD
added 2021/09/30 12:0 a.m.6 views

Ecoa Bas controller 安全漏洞

ECOA BAS controller is an intelligent lighting control solution. an unauthorized access vulnerability exists in ECOA BAS controller, which can be exploited by remote attackers to bypass authorization to access hidden resources in the system and perform privileged functions...

8.8CVSS8AI score0.00842EPSS
Exploits1References2
NVD
NVD
added 2021/01/19 10:15 a.m.16 views

CVE-2021-22850

HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions...

9.8CVSS6.3AI score0.0099EPSS
Exploits0References2
Prion
Prion
added 2021/01/19 10:15 a.m.20 views

Design/Logic Flaw

HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions...

7.5CVSS9.2AI score0.0099EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/01/19 10:5 a.m.14 views

CVE-2021-22850 HGiga OAKloud Portal - Security Misconfiguration

HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions...

5.3CVSS9.5AI score0.0099EPSS
Exploits0References2
CVE
CVE
added 2021/01/19 10:5 a.m.41 views

CVE-2021-22850

CVE-2021-22850 concerns the HGiga EIP product, where an ineffective access control on certain pages permits attackers to access databases and perform privileged functions. The issue is described consistently across sources, with NVD citing two CVSS measurements: CVSS v2.0 base score 7.5 (HIGH) an...

9.8CVSS7.2AI score0.0099EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/08/14 12:0 a.m.3 views

Citrix Systems XenMobile Server Access Control Error Vulnerability

Citrix Systems XenMobile Server is a mobility management solution from Citrix Systems. The solution is able to manage mobile devices, develop mobile policies and compliance rules, and gain insight into the operation of mobile mobile networks. A security vulnerability exists in Citrix Systems...

9.8CVSS6.9AI score0.0164EPSS
Exploits0References1
NVD
NVD
added 2019/06/27 4:15 p.m.17 views

CVE-2019-7226

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the...

8.8CVSS9.1AI score0.0526EPSS
Exploits2References4
Prion
Prion
added 2019/06/27 4:15 p.m.21 views

Authentication flaw

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the...

5.8CVSS8.9AI score0.0526EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2019/06/27 3:52 p.m.73 views

CVE-2019-7226

The CVE-2019-7226 issue affects ABB IDAL HTTP server CGI interface in PB610 Panel Builder 600. The /cgi/loginDefaultUser endpoint allows an unauthenticated attacker to bypass authentication by creating an authenticated session and returning the session token along with the user credentials (usern...

8.8CVSS8.9AI score0.0526EPSS
Exploits2References4Affected Software1
Packet Storm
Packet Storm
added 2019/06/21 12:0 a.m.118 views

ABB IDAL HTTP Server Authentication Bypass

XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability ======================================================================== Identifiers ----------- XL-19-010 CVE-2019-7226 ABBVU-IAMF-1902005 CVSS Score ---------- 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected vendor...

0.0526EPSS
Exploits2
Prion
Prion
added 2019/01/03 3:29 p.m.21 views

Code injection

When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206,...

7.2CVSS7.6AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 2019/01/03 3:29 p.m.22 views

CVE-2017-18141

When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206,...

7.8CVSS7.6AI score0.00223EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2016/10/13 12:0 a.m.7 views

Adobe Acrobat and Reader Security Bypass (APSB16-33: CVE-2016-6957; CVE-2016-6958)

This vulnerability is an instance of a security bypass in Adobe Reader JavaScript engine. This vulnerability could be exploited to bypass the engine security restrictions. Successful exploitation of this issue could allow an attacker to execute privileged JavaScript functions...

10CVSS8.9AI score0.05808EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2015/07/01 12:0 a.m.43 views

SQLite Default Value Authorization Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DEFAULT...

7.5CVSS8.8AI score0.02766EPSS
Exploits0References1
Rows per page
Query Builder