61 matches found
Siemens SICAM A8000 RTU Series Uncaught Exception (CVE-2018-13798)
A vulnerability has been identified in SICAM A8000 CP-8000 All versions V14, SICAM A8000 CP-802X All versions V14, SICAM A8000 CP-8050 All versions V2.00. Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service...
CVE-2021-38178
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious...
CVE-2021-38176
The connected documents confirm a concrete vulnerability: CVE-2021-38176 affects SAP NZDT (a conversion/deployment of SAP S/4HANA 1809 to AWS). The root cause is improper input sanitization in NZDT function modules, allowing an authenticated user with certain privileges to remotely invoke these m...
Siemens TIM 4R-IE Devices
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: TIM 4R-IE Vulnerabilities: Incorrect Type Conversion or Cast, Improper Input Validation, Improper Authentication, Security Features, Null Pointer Dereference, Data Processing Errors,...
CVE-2021-21479
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...
CVE-2020-6302
CVE-2020-6302 affects SAP Commerce versions 6.7, 1808, 1811, 1905 and 2005. The backoffice URL exposes the jSession ID on initial load, enabling session fixation with potential access to admin accounts and full compromise of confidentiality, integrity, and availability. Red Hat notes the same CVE...
The vulnerability of Google Chrome browser installers, related to insecure management of privileges, allows a perpetrator to gain unauthorized access to information and compromise its integrity and accessibility.
The vulnerability of Google Chrome browser installers is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to information and compromise its integrity and availability through a specially created...
Design/Logic Flaw
A vulnerability has been identified in SINEMA Server All versions V14.0 SP2 Update 1. Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability...
Siemens Desigo PX 6.00 Denial Of Service Exploit
!/bin/bash Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit Vendor: Siemens AG Vendor web page: https://www.siemens.com Product web page: https://new.siemens.com/global/en/products/buildings/automation/desigo.html Affected version: Model: PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D...
Code injection
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Val...
CVE-2019-6582
A vulnerability has been identified in Siveillance VMS 2017 R2 All versions V11.2a, Siveillance VMS 2018 R1 All versions V12.1a, Siveillance VMS 2018 R2 All versions V12.2a, Siveillance VMS 2018 R3 All versions V12.3a, Siveillance VMS 2019 R1 All versions V13.1a. An attacker with network access t...
CVE-2019-6574
A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46, SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- All...
Design/Logic Flaw
A vulnerability has been identified in SIMATIC IT LMS All versions, SIMATIC IT Production Suite Versions V7.1 V7.1 Upd3, SIMATIC IT UA Discrete Manufacturing Versions V1.2, SIMATIC IT UA Discrete Manufacturing Versions V1.2, SIMATIC IT UA Discrete Manufacturing Versions V1.3, SIMATIC IT UA Discre...
CVE-2018-11462
A vulnerability has been identified in SINUMERIK 808D V4.7 All versions, SINUMERIK 808D V4.8 All versions, SINUMERIK 828D V4.7 All versions V4.7 SP6 HF1, SINUMERIK 840D sl V4.7 All versions V4.7 SP6 HF5, SINUMERIK 840D sl V4.8 All versions V4.8 SP3. By sending a specially crafted authentication...
Security feature bypass
A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems All versionswithout use of Siemens Healthineers Informatics products, RAPIDLab 1200 Series All versions = V3.0 with Siemens Healthineers Informatics products, RAPIDPoint 500 systems...
PyroBatchFTP < 3.19 - Buffer Overflow Exploit
Exploit for windows platform in category dos / poc ============================================= MGC ALERT 2018-001 - Original release date: December 22, 2017 - Last revised: January 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score...
PyroBatchFTP < 3.19 - Buffer Overflow
============================================= MGC ALERT 2018-001 - Original release date: December 22, 2017 - Last revised: January 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score ============================================= I. VULNERABILITY...
PyroBatchFTP 3.19 - Buffer Overflow
PyroBatchFTP 3.19 - Buffer Overflow ============================================= MGC ALERT 2018-001 - Original release date: December 22, 2017 - Last revised: January 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score =============================================...
Sync Breeze 10.2.12 - Denial of Service Exploit
Exploit for windows platform in category dos / poc ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088...
Sync Breeze 10.2.12 - Denial of Service
============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088 ============================================= I...