493 matches found
PT-2023-31120 · Peplink · Peplink Balance
Name of the Vulnerable Software and Affected Versions: Peplink Balance Two versions prior to 8.4.0 Description: An issue was discovered in the traceroute feature of the administration console, allowing command injection. This enables users with admin privileges to execute arbitrary commands as...
CVE-2023-46099
A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later...
Cross site scripting
A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later...
PT-2023-7000 · Siemens · Simatic Pcs Neo
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions prior to V4.1 Description: The issue is related to a stored cross-site scripting vulnerability in the Administration Console of SIMATIC PCS neo. This vulnerability could allow an attacker with high privileges to injec...
WEM - All Organizational Units under Active Directory Objects are not listed
In some customer environment all OUs Organizational Unit may not be listed in WEM Administration Console - Active Directory Objects - Machines - Add OU. However, administrator can manually add computer objects without any issue...
Siemens SIMATIC PCS neo (Administration Console) Information Disclosure Vulnerability
SIMATIC PCS neo Administration Console is a distributed control system DCS. An information disclosure vulnerability exists in Siemens SIMATIC PCS neo Administration Console, which can be exploited by an attacker to obtain credentials and impersonate an administrator user to gain administrator...
CVE-2023-38558
A vulnerability has been identified in SIMATIC PCS neo Administration Console V4.0 All versions, SIMATIC PCS neo Administration Console V4.0 Update 1 All versions. The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the...
CVE-2023-38558
A vulnerability has been identified in SIMATIC PCS neo Administration Console V4.0 All versions, SIMATIC PCS neo Administration Console V4.0 Update 1 All versions. The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the...
Design/Logic Flaw
A vulnerability has been identified in SIMATIC PCS neo Administration Console V4.0 All versions, SIMATIC PCS neo Administration Console V4.0 Update 1 All versions. The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the...
CVE-2023-38558
Summary of CVE-2023-38558 : Siemens SIMATIC PCS neo Administration Console (V4.0 and V4.0 Update 1) contains an information-disclosure vulnerability that leaks Windows admin credentials to an attacker with local access, enabling impersonation of an admin and potential access to other Windows syst...
CVE-2023-38558
A vulnerability has been identified in SIMATIC PCS neo Administration Console V4.0 All versions, SIMATIC PCS neo Administration Console V4.0 Update 1 All versions. The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the...
PT-2023-5168 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo Administration Console versions V4.0 through V4.0 Update 1 Description: The issue is related to a leak of information about files and directories in the administration console of the SIMATIC PCS neo system, which can lead to t...
Siemens SIMATIC PCS neo Administration Console
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2023-3717
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farmakom Remote Administration Console allows SQL Injection.This issue affects Remote Administration Console: before 1.02...
CVE-2023-3717
CVE-2023-3717 describes an SQL injection in Farmakom Remote Administration Console (prior to version 1.02) caused by improper neutralization of special elements in SQL commands. The CVSS 3.1 score is 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction, and high impact on...
CVE-2023-3717 SQLi in Farmakoms Remote Administration Console
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02...
CVE-2023-3717 SQLi in Farmakoms Remote Administration Console
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2019-4030)
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 3.9 & 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has bee...
CVE-2023-27823
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials...