14 matches found
CVE-2017-5144
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication...
CVE-2017-5146
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text...
Authentication flaw
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication...
Cross site request forgery (csrf)
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY CSRF vulnerability can allow execution of unauthorized actions on the device such as configuration parameter...
Code injection
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text...
CVE-2017-5145
The CVE-2017-5145 entry describes a CROSS-SITE REQUEST FORGERY (CSRF) vulnerability in Carlo Gavazzi VMU-C EM (firmware before A11_U05) and VMU-C PV (firmware before A17). Successful exploitation can allow unauthorized configuration changes and saving of modified configurations. Public guidance i...
CVE-2017-5144
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication...
CVE-2017-5144
The CVE-2017-5144 issue affects Carlo Gavazzi VMU-C EM (pre-A11_U05) and VMU-C PV (pre-A17) where an access control flaw allows access to most application functions without authentication. According to the ICS-CERT advisory, the root cause is an access-control weakness (CWE-284) enabling remote, ...
CVE-2017-5146
CVE-2017-5146 affects Carlo Gavazzi VMU-C EM (before firmware A11_U05) and VMU-C PV (before firmware A17). The issue is that sensitive information is stored in clear text on these devices, constituting an information disclosure vulnerability. Public sources describe the affected products and firm...
CVE-2017-5146
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text...
Cross-Site Request Forgery Vulnerability in Carlo Gavazzi Automation VMU-C EM and VMU-C PV
Carlo Gavazzi Automation VMU-C EM and VMU-C PV are control modules in the automation products of the Italian company Carlo Gavazzi Automation. A cross-site request forgery vulnerability exists in the Carlo Gavazzi Automation VMU-C EM and VMU-C PV. A remote attacker can exploit the vulnerability b...
Carlo Gavazzi Automation VMU-C EM and VMU-C PV have unauthorized access vulnerabilities
Carlo Gavazzi Automation VMU-C EM and VMU-C PV are control modules in the automation products of the Italian company Carlo Gavazzi Automation. An unauthorized access vulnerability exists in the Carlo Gavazzi Automation VMU-C EM and VMU-C PV. An unauthenticated attacker could exploit the...
Carlo Gavazzi Automation VMU-C EM and VMU-C PV suffer from information disclosure vulnerabilities
Carlo Gavazzi Automation VMU-C EM and VMU-C PV are control modules in the automation products of the Italian company Carlo Gavazzi Automation. The Carlo Gavazzi Automation VMU-C EM and VMU-C PV store sensitive information in clear text, allowing remote attackers to exploit the vulnerability to re...
Carlo Gavazzi VMU-C EM and VMU-C PV
CVSS V3 10 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Carlo Gavazzi Equipment: VMU-C EM, VMU-C PV Vulnerabilities: Access Control Flaws, CSRF, Sensitive Information Stored In Clear Text AFFECTED PRODUCTS Carlo Gavazzi reports that the vulnerabilities affect the following...