Lucene search
K

3452 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.46 views

CVE-2021-22710

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF Configuration Group File file is imported to IGS...

9.3CVSS7.7AI score0.02EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.5 views

CVE-2021-22669

Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system...

9CVSS7.3AI score0.01174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.7 views

CVE-2021-22823

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...

9.1CVSS7AI score0.21388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.7 views

CVE-2021-22805

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...

9.1CVSS6.9AI score0.0085EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.9 views

CVE-2021-22674

The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1...

6.5CVSS6.8AI score0.01089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.10 views

CVE-2021-22711

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF Configuration Group File file i...

9.3CVSS6.9AI score0.00796EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.6 views

CVE-2021-22676

UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting XSS, which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA...

6.1CVSS6.1AI score0.00642EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.8 views

CVE-2019-18243

HMI/SCADA iFIX Versions 6.1 and prior allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation...

5.5CVSS6.6AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.9 views

CVE-2020-10615

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication ...

7.5CVSS6.9AI score0.02568EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:50 a.m.8 views

CVE-2020-10618

LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users...

5.5CVSS6.3AI score0.00832EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.5 views

CVE-2023-4985

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

7.8CVSS6.7AI score0.00356EPSS
Exploits1References1
CNVD
CNVD
added 2025/12/24 12:0 a.m.6 views

Advantech WebAccess/SCADA Directory Traversal Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...

7.5CVSS6.1AI score0.00609EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/23 2:39 p.m.25 views

CVE-2024-9684

FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences...

7.5CVSS0.00332EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/19 9:14 p.m.5 views

CVE-2025-14848

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files...

5.3CVSS7AI score0.00558EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 9:14 p.m.7 views

CVE-2025-13911

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...

7.3CVSS7AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 9:14 p.m.10 views

CVE-2025-67653

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files...

7.5CVSS7AI score0.00609EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 9:31 p.m.4 views

EUVD-2025-204316

Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands...

6.3CVSS7.5AI score0.0028EPSS
Exploits0References4
OSV
OSV
added 2025/12/18 9:15 p.m.4 views

CVE-2025-46268

Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands...

8.8CVSS6.1AI score0.0028EPSS
Exploits0References3
NVD
NVD
added 2025/12/18 9:15 p.m.4 views

CVE-2025-13911

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...

7.3CVSS0.00221EPSS
Exploits0References3
OSV
OSV
added 2025/12/18 9:15 p.m.4 views

CVE-2025-14850

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files...

9.1CVSS5.9AI score0.00807EPSS
Exploits0References3
Rows per page
Query Builder