14 matches found
EUVD-2022-33561
Malicious code in bioql PyPI...
CVE-2022-29152
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page...
The software for Mitsubishi Electric GX Works3 programming is vulnerable. The software includes control tools for applications in industrial automation systems, namely MELSOFT iQ AppPortal, MELSOFT Navigator, and Motion Control Setting. This vulnerability allows a malicious individual to execute arbitrary code, disclose protected information, and trigger service failures.
The vulnerabilities of the software for programming Mitsubishi Electric GX Works3, as well as the software tools for managing applications in industrial automation systems such as MELSOFT iQ AppPortal, MELSOFT Navigator, and Motion Control Setting, are related to external control mechanisms...
Mitsubishi Electric FA Engineering Software Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Mitsubishi Electric Equipment : FA Engineering Software Products Vulnerability : External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious...
Mitsubishi Electric MELSOFT iQ AppPortal
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT iQ AppPortal Vulnerabilities: HTTP Request Smuggling, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these...
U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986 CVSS score: 9.8 - IBM Aspera Faspex Code...
CISA Releases Two Industrial Control Systems Advisories
CISA released two 2 Industrial Control Systems ICS advisories on February 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
Mitsubishi Electric MELSOFT iQ AppPortal
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT iQ AppPortal Vulnerabilities: Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, Infinite Loop...
Ericom PowerTerm WebConnect Cross-Site Scripting Vulnerability
Ericom PowerTerm WebConnect is a web browser. version 6.0 of Ericom PowerTerm WebConnect is vulnerable to a cross-site scripting vulnerability that originates when the login portal insecurely writes a cross-site scripting attack load to a page from an AppPortal cookie. An attacker could exploit...
CVE-2022-29152
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page...
CVE-2022-29152
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page...
Default credentials
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page...
CVE-2022-29152
The CVE-2022-29152 entry concerns Ericom PowerTerm WebConnect 6.0 Login Portal. Multiple sources (NVD, CNVD, Red Hat advisories, CVE list) describe a cross-site scripting vulnerability where an XSS payload from the AppPortal cookie can be written into the page, enabling client-side JavaScript exe...
Ericom PowerTerm WebConnect 跨站脚本漏洞
Ericom PowerTerm WebConnect is a web browser. version 6.0 of Ericom PowerTerm WebConnect is vulnerable to a cross-site scripting vulnerability that originates when the login portal insecurely writes a cross-site scripting attack load to a page from an AppPortal cookie. An attacker could exploit...