44 matches found
EUVD-2018-16646
Malware in sbrugna...
EUVD-2018-3478
Malware in sbrugna...
EUVD-2018-16647
Malware in sbrugna...
EUVD-2018-3480
Malware in sbrugna...
EUVD-2018-16645
Malware in sbrugna...
EUVD-2018-3479
Malware in sbrugna...
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11478)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment SACK sequences to affected products. This plugin only works with Tenable.ot...
Siemens SCALANCE M875 Cross-site Scripting (CVE-2018-11448)
A vulnerability has been identified in SCALANCE M875 All versions. The web interface on port 443/tcp could allow a stored Cross-Site Scripting XSS attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web...
Siemens SCALANCE M875 Arbitrary File Read and Write (CVE-2018-4861)
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to...
Siemens SCALANCE M875 Arbitrary OS Command Execution (CVE-2018-4860)
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
Siemens SCALANCE M875 Insufficiently Protected Credentials (CVE-2018-11449)
A vulnerability has been identified in SCALANCE M875 All versions. An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtai...
Siemens SCALANCE M875 Cross-Site Request Forgery (CVE-2018-11447)
A vulnerability has been identified in SCALANCE M875 All versions. The web interface on port 443/tcp could allow a Cross-Site Request Forgery CSRF attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, wh...
Siemens SCALANCE M875 Arbitrary OS Command Execution (CVE-2018-4859)
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
ICSA-19-253-03_Siemens Industrial Products (Update P)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2. UPDATE INFORMATION...
CVE-2018-4861
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to...
CVE-2018-4859
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
CVE-2018-11447
A vulnerability has been identified in SCALANCE M875 All versions. The web interface on port 443/tcp could allow a Cross-Site Request Forgery CSRF attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, wh...
Code injection
A vulnerability has been identified in SCALANCE M875 All versions. An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtai...
Security feature bypass
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
Cross site scripting
A vulnerability has been identified in SCALANCE M875 All versions. The web interface on port 443/tcp could allow a stored Cross-Site Scripting XSS attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web...