Lucene search
K

118 matches found

Prion
Prion
added 2023/02/24 11:15 a.m.26 views

Input validation

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...

5CVSS5.3AI score0.00417EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2023/02/24 12:0 a.m.37 views

CVE-2023-0595

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...

5.3CVSS5.6AI score0.00417EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/24 12:0 a.m.7 views

CVE-2023-0595

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...

5.3CVSS5.3AI score0.00417EPSS
Exploits0References1
NVD
NVD
added 2023/01/31 5:15 p.m.22 views

CVE-2023-22610

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port...

9.1CVSS9.2AI score0.0057EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/31 12:0 a.m.10 views

CVE-2023-22610

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port...

9.1CVSS9.2AI score0.0057EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/31 12:0 a.m.33 views

CVE-2023-22610

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port...

9.1CVSS9.3AI score0.0057EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/08/24 12:0 a.m.6 views

The vulnerability of the ActiveX control on the SCADA server of Measuresoft ScadaPro Server allows a intruder to execute arbitrary code.

The vulnerability of the ActiveX control in the SCADA server of Measuresoft ScadaPro Server relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code in the target system using a specially crafted file...

7.8CVSS7.8AI score0.00294EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/04/29 4:15 p.m.4 views

CVE-2021-43938

Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization...

9.8CVSS7.3AI score0.01028EPSS
Exploits0References1
NVD
NVD
added 2022/04/29 4:15 p.m.29 views

CVE-2021-43938

Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization...

9.8CVSS0.01028EPSS
Exploits0References1
NVD
NVD
added 2022/04/29 4:15 p.m.24 views

CVE-2021-43937

Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...

8.8CVSS0.00344EPSS
Exploits0References1
Prion
Prion
added 2022/04/29 4:15 p.m.21 views

Cross site request forgery (csrf)

Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...

6.8CVSS9AI score0.00344EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/04/29 4:15 p.m.18 views

Authorization

Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization...

7.5CVSS9.6AI score0.01028EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/04/29 3:18 p.m.7 views

CVE-2021-43938 Elcomplus SmartPTT SCADA Server Information Exposure

Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization...

8.1CVSS9.7AI score0.01028EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/04/29 3:18 p.m.25 views

CVE-2021-43938 Elcomplus SmartPTT SCADA Server Information Exposure

Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization...

8.1CVSS9.8AI score0.01028EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/04/29 3:17 p.m.26 views

CVE-2021-43937 Elcomplus SmartPTT SCADA Server Cross-site Request Forgery

Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...

7.6CVSS8.9AI score0.00344EPSS
Exploits0References1
ICS
ICS
added 2022/04/19 12:0 a.m.78 views

Elcomplus SmartPTT SCADA Server

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elcomplus Equipment: SmartPTT SCADA Server Vulnerabilities: Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal,...

9.8CVSS8.4AI score0.01096EPSS
Exploits0References5
NVD
NVD
added 2022/04/12 5:15 p.m.33 views

CVE-2022-21155

A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process FHSvrService.exe to exit...

7.5CVSS0.01077EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/02/09 11:15 p.m.6 views

CVE-2022-24321

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo...

7.5CVSS7.1AI score0.00999EPSS
Exploits0References2
OSV
OSV
added 2022/02/09 11:15 p.m.5 views

CVE-2022-24317

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

7.5CVSS7.1AI score0.01206EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/06 12:0 a.m.8 views

Fernhill Software Fernhill Scada Server 资源管理错误漏洞

Fernhill Software Fernhill Scada Server is a free runtime Scada from Fernhill Software, UK. A resource management error vulnerability exists in Fernhill Software Fernhill SCADA Server that stems from the server's lack of effective filtering and processing of message formats. An attacker sending...

7.5CVSS7.3AI score0.01077EPSS
Exploits0References5
Rows per page
Query Builder