AVTECH Room Alert Cleartext Storage of Sensitive Information (CVE-2024-33470)

When an administrator authenticates with the device and browses the settings pages, the SMTP password is loaded from the device and presented in the DOM in plaintext. When settings are saved, the SMTP credentials are sent back to the device in plain text. This allows an actor with administrative...

Siemens APE1808 Insertion of Sensitive Information into Sent Data (CVE-2024-47569)

A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.9, FortiOS 7.6.0, 7.4.0 through 7.4.4, 7.2.0...

Siemens SCALANCE and RUGGEDCOM Covert Timing Channel (CVE-2025-27587)

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

Hanwha Vision Camera Improper Privilege Management (CVE-2025-52599)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the...

Hanwha Vision Camera Use of Hard-coded Cryptographic Key (CVE-2025-52601)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. T...

Siemens Ruggedcom ROX Improper Input Validation (CVE-2023-47234)

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes. This plugin only works with Tenable.ot. Please visit...

Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56838)

Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens Ruggedcom ROX Incorrect Authorization (CVE-2023-46753)

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens Ruggedcom ROX Improper Input Validation (CVE-2024-5642)

CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due to NPN being not...

Siemens Ruggedcom ROX Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-0850)

A vulnerability was found in linux kernel, where an information leak occurs via ext4extentheader to userspace. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Schneider Electric Modicon M340 Controller and Communication Modules Improper Input Validation (CVE-2025-6625)

CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56688)

sunrpc: clear XPRTSOCKUPDTIMEOUT when reset transport Since transport-sock has been set to NULL during reset transport, XPRTSOCKUPDTIMEOUT also needs to be cleared. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-53103)

hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk-trans may not be initialized to NULL, which could lead to a dangling pointer. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56698)

usb: dwc3: gadget: looping of queued SG entries The dwc3request-numqueuedsgs is decremented on completion. If a partially completed request is handled, then the dwc3request-numqueuedsgs no longer reflects the total number of numqueuedsgs it would be cleared. This plugin only works with Tenable.ot...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50237)

wifi: mac80211: do not pass a stopped vif to the driver in .gettxpower Avoid potentially crashing in the driver because of uninitialized private data. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56539)

wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexconfigscan. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504636;...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-49962)

ACPICA: check null return of ACPIALLOCATEZEROED in acpidbconverttopackage. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504785;...

Siemens SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-46685)

pinctrl: single: fix NULL dereference in pcsgetfunction. pinmuxgenericgetfunction can return NULL and the pointer 'function' was dereferenced without checking against NULL. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-49963)

mailbox: bcm2835: timeout during suspend mode. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504800; scriptversion"1.3";...

Siemens SIPROTEC 5 Use of Get Request Method with Sensitive Query Strings (CVE-2025-40742)

The affected devices include session identifiers in URL requests for certain functionalities. This could allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access. This plugin only works with Tenable.ot...