Lucene search
K

41 matches found

Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.7 views

PT-2025-44154

Name of the Vulnerable Software and Affected Versions TropOS 4th Gen affected versions not specified Description The “Diagnostics Tools” page within the web-based configuration utility does not adequately validate user-supplied input. This allows a user with high-level authentication to inject...

7.5CVSS6.9AI score0.00291EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.5 views

Hitachi TropOS 4th Gen 操作系统命令注入漏洞

Hitachi TropOS 4th Gen is a wireless communication device from Hitachi, Japan. An operating system command injection vulnerability exists in Hitachi TropOS 4th Gen. The vulnerability stems from a command injection in the Logging page of the Network Configuration Tool, which could lead to a...

8.7CVSS7.5AI score0.0109EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.4 views

Hitachi TropOS 4th Gen 操作系统命令注入漏洞

Hitachi TropOS 4th Gen is a wireless communication device from Hitachi, Ltd Hitachi, Japan. An operating system command injection vulnerability exists in Hitachi TropOS 4th Gen. The vulnerability stems from the Diagnostics Tools page in the Web Configuration Tool not properly validating user inpu...

7.5CVSS7.6AI score0.00291EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.6 views

Hitachi TropOS 4th Gen 安全漏洞

Hitachi TropOS 4th Gen is a wireless communication device from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi TropOS 4th Gen, which originates from misuse of scripts and executables, and could allow an unauthorized user to gain unrestricted root shell access...

7.5CVSS6.8AI score0.00139EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.5 views

PT-2025-44153

Name of the Vulnerable Software and Affected Versions TropOS 4th Gen affected versions not specified Description An authenticated user with the ability to run user level shell commands can enable access via secure shell SSH to an unrestricted root shell by making minor configuration changes to th...

7.5CVSS6.5AI score0.00139EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.5 views

PT-2025-44152

Name of the Vulnerable Software and Affected Versions TropOS 4th Gen affected versions not specified Description A command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration...

8.7CVSS7.6AI score0.0109EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2012-4823

Malware in sbrugna...

6.1CVSS6.4AI score0.00911EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 12:7 p.m.11 views

CVE-2012-4898

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere...

6.1CVSS6.8AI score0.00911EPSS
Exploits0References1
ICS
ICS
added 2024/11/12 7:0 a.m.20 views

Hitachi Energy TRO600

RISK EVALUATION Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive...

7.2CVSS7.7AI score0.01561EPSS
Exploits0References10
NVD
NVD
added 2024/10/29 1:15 p.m.19 views

CVE-2024-41156

Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access...

2.7CVSS0.00364EPSS
Exploits0References1
CVE
CVE
added 2024/10/29 12:44 p.m.49 views

CVE-2024-41156

CVE-2024-41156 affects Hitachi Energy TRO600 radios; the issue is a command-execution/privilege-leak risk via the Edge Computing UI, with profile files from TRO600 radios exportable in plaintext and encrypted formats. Exploitation requires authenticated write access, enabling access to configurat...

2.7CVSS3.9AI score0.00364EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/29 12:44 p.m.12 views

CVE-2024-41156

Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access...

2.7CVSS3.9AI score0.00364EPSS
Exploits0References1
ICS
ICS
added 2021/08/24 12:0 a.m.328 views

Hitachi ABB Power Grids TropOS

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Hitachi ABB Power Grids Equipment: TropOS Vulnerabilities: Injection, Inadequate Encryption Strength, Missing Authentication for Critical Function, Improper Authentication, Improper Validation of Integrity Check Value,...

6.5CVSS8.1AI score0.06487EPSS
Exploits4References5
ICS
ICS
added 2017/11/14 12:0 a.m.186 views

ABB TropOS

CVSS v3 6.8 Vendor: ABB Equipment: TropOS Vulnerabilities: Security Features AFFECTED PRODUCTS ABB reports that the key reinstallation attacks KRACK potentially affect all TropOS broadband mesh routers and bridges operating on Mesh OS release 8.5.2 or prior. IMPACT Successful exploitation of thes...

8.1CVSS7.7AI score0.04575EPSS
Exploits1References35
ICS
ICS
added 2017/11/14 12:0 a.m.97 views

ABB TropOS (Update A)

CVSS v3 6.8 Vendor: ABB Equipment: TropOS Vulnerabilities: Security Features UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-318-02 ABB TropOS that was published November 14, 2017, on the NCCIC/ICS-CERT website. AFFECTED PRODUCTS ABB reports that th...

8.1CVSS7.8AI score0.04575EPSS
Exploits1References3
NVD
NVD
added 2012/12/18 12:30 p.m.22 views

CVE-2012-4898

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere...

6.1CVSS6.4AI score0.00911EPSS
Exploits0References2
Prion
Prion
added 2012/12/18 12:30 p.m.17 views

Design/Logic Flaw

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere...

6.1CVSS6.9AI score0.00911EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2012/12/18 11:0 a.m.67 views

CVE-2012-4898

CVE-2012-4898 affects Tropos Networks’ Mesh OS prior to 7.9.1.1. The vulnerability stems from insufficient entropy used to generate SSH host keys, enabling a remote attacker to perform a Man-in-the-Middle attack by exploiting knowledge of non-unique keys from another installation. Impact includes...

6.1CVSS6.6AI score0.00911EPSS
Exploits0References2Affected Software9
Cvelist
Cvelist
added 2012/12/18 11:0 a.m.29 views

CVE-2012-4898 Tropos Wireless Mesh Routers Insufficient Entropy

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere...

6.1CVSS6.4AI score0.00911EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2012/12/18 12:0 a.m.6 views

PT-2012-5647 · Tropos · Mesh Os

Name of the Vulnerable Software and Affected Versions: Tropos wireless mesh routers Mesh OS versions prior to 7.9.1.1 Description: The issue is related to insufficient entropy for SSH keys, making it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by...

6.1CVSS6.3AI score0.00911EPSS
Exploits0References4
Rows per page
Query Builder