5284 matches found
CVE-2025-1059
CVE-2025-1059 is associated with Schneider Electric ASCO 5310/5350 Remote Annunciator products. The connected sources describe an Allocation of Resources Without Limits or Throttling vulnerability that could cause communications to stop on the device webserver when malicious packets are received ...
CVE-2025-1059
CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device...
PT-2025-6827 · Schneider Electric · Asco 5310 Single-Channel Remote Annunciator
Name of the Vulnerable Software and Affected Versions: Schneider Electric - ASCO 5310 Single-Channel Remote Annunciator versions all Description: A vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device. This issue is related to...
CVE-2021-22275
Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service...
CVE-2022-43716
A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...
CVE-2022-43767
A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...
CVE-2022-43768
A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...
CVE-2022-21404
Vulnerability in the Helidon product of Oracle Fusion Middleware component: Reactive WebServer. Supported versions that are affected are 1.4.10 and 2.0.0-RC1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Helidon. Successful attacks ...
CVE-2022-1368
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...
CVE-2019-6568
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with...
CVE-2024-11425
CVE-2024-11425 is an incorrect calculation of buffer size vulnerability (CWE-131) affecting Schneider Electric Modicon M580 PLCs, BMENOR2200H, and EVLink Pro AC devices. The issue allows a remote attacker to cause a Denial-of-Service by sending crafted HTTPS packets to the...
PT-2025-1361 · Fortinet · Fortiswitch +16
Name of the Vulnerable Software and Affected Versions: FortiManager versions prior to 7.4.3 FortiMail versions prior to 7.0.3 FortiAnalyzer versions prior to 7.4.3 FortiVoice versions 7.0.0, 7.0.1 and prior to 6.4.8 FortiProxy versions prior to 7.0.4 FortiRecorder versions 6.4.0 through 6.4.2 and...
Boa Webserver Cross-Site Scripting Vulnerability
Boa Webserver is a lightweight and efficient web server software. A cross-site scripting vulnerability exists in Boa Webserver, which stems from improper input neutralization during web page generation, resulting in a cross-site scripting vulnerability...
CVE-2024-49147
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver...
CVE-2024-48871
The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution...
Siemens Unlocked JTAG Interface / Buffer Overflow
SEC Consult Vulnerability Lab Security Advisory. title: Unlocked JTAG interface and buffer overflow product: Siemens SM-2558 Protocol Element extension module for Siemens SICAM AK3/TM/BC, Siemens CP-2016 & CP-2019 vulnerable...
CVE-2024-52008
Fides (open-source privacy engineering platform) has a password policy bypass in its invite flow. The /api/v1/user/accept-invite endpoint does not enforce the server-side password policy, allowing an invited user to set an arbitrarily weak password during initial account setup despite UI client-s...
CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...
GHSA-V7VM-RHMG-8J2R Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
Summary The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the...