90 matches found
CVE-2022-30229
A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known...
Siemens SICAM GridEdge Essential 访问控制错误漏洞
SICAM GridEdge enables IoT functionality in your existing IEC 61850 devices with just a few clicks.An authentication error vulnerability in Siemens SICAM GridEdge results from the fact that the affected software does not authenticate access to privileged functions, which can be exploited to creat...
Siemens SICAM GridEdge Essential 授权问题漏洞
SICAM GridEdge enables IoT functionality in your existing IEC 61850 devices with just a few clicks.Siemens SICAM GridEdge is vulnerable to an authentication error, which stems from the fact that the affected software does not require authenticated access to privileged functions and can be exploit...
PT-2022-16671 · Unknown · Simple Diagnostics Agent
Name of the Vulnerable Software and Affected Versions: The Simple Diagnostics Agent versions 1.0 up to version 1.57 Description: The issue concerns the lack of authentication checks for functionalities accessible via localhost on http port 3005. This allows an attacker to access administrative or...
Siemens RUGGEDCOM ROS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
ECOA BAS controller unauthorized access vulnerability
ECOA BAS controller is an intelligent lighting control solution. an unauthorized access vulnerability exists in ECOA BAS controller, which can be exploited by remote attackers to bypass authorization to access hidden resources in the system and perform privileged functions...
Ecoa Bas controller 安全漏洞
ECOA BAS controller is an intelligent lighting control solution. an unauthorized access vulnerability exists in ECOA BAS controller, which can be exploited by remote attackers to bypass authorization to access hidden resources in the system and perform privileged functions...
CVE-2021-22850
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions...
Design/Logic Flaw
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions...
CVE-2021-22850 HGiga OAKloud Portal - Security Misconfiguration
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions...
CVE-2021-22850
CVE-2021-22850 concerns the HGiga EIP product, where an ineffective access control on certain pages permits attackers to access databases and perform privileged functions. The issue is described consistently across sources, with NVD citing two CVSS measurements: CVSS v2.0 base score 7.5 (HIGH) an...
Citrix Systems XenMobile Server Access Control Error Vulnerability
Citrix Systems XenMobile Server is a mobility management solution from Citrix Systems. The solution is able to manage mobile devices, develop mobile policies and compliance rules, and gain insight into the operation of mobile mobile networks. A security vulnerability exists in Citrix Systems...
CVE-2019-7226
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the...
Authentication flaw
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the...
CVE-2019-7226
The CVE-2019-7226 issue affects ABB IDAL HTTP server CGI interface in PB610 Panel Builder 600. The /cgi/loginDefaultUser endpoint allows an unauthenticated attacker to bypass authentication by creating an authenticated session and returning the session token along with the user credentials (usern...
ABB IDAL HTTP Server Authentication Bypass
XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability ======================================================================== Identifiers ----------- XL-19-010 CVE-2019-7226 ABBVU-IAMF-1902005 CVSS Score ---------- 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected vendor...
Code injection
When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206,...
CVE-2017-18141
When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206,...
Adobe Acrobat and Reader Security Bypass (APSB16-33: CVE-2016-6957; CVE-2016-6958)
This vulnerability is an instance of a security bypass in Adobe Reader JavaScript engine. This vulnerability could be exploited to bypass the engine security restrictions. Successful exploitation of this issue could allow an attacker to execute privileged JavaScript functions...
SQLite Default Value Authorization Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DEFAULT...