EUVD-2016-5482

Malware in sbrugna...

KMC Controls BAC-5051E Multiple Vulnerabilities

KMC Controls BAC-5051E is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

KMC Controls BAC-5051E Security Bypass Vulnerability

KMC Controls BAC-5051E is a router product for use in building automation systems from KMC Controls, USA. A security vulnerability exists in the KMC Controls BAC-5051E using firmware versions prior to E0.2.0.2. A remote attacker could use this vulnerability to bypass established access restrictio...

CVE-2016-4495

KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors...

CVE-2016-4494

Cross-site request forgery CSRF vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file...

CVE-2016-4494

Cross-site request forgery CSRF vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file...

Design/Logic Flaw

KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors...

CVE-2016-4494

Cross-site request forgery CSRF vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file...

CVE-2016-4494

CVE-2016-4494 affects KMC Controls BAC-5051E routers with firmware prior to E0.2.0.2. The vulnerability is a cross-site request forgery (CSRF) that allows an unauthenticated or remote attacker to hijack a user’s session and read the device’s configuration contents via the web interface. Connected...

CVE-2016-4495

KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors...

CVE-2016-4495

CVE-2016-4495 affects KMC Controls BAC-5051E routers with firmware prior to E0.2.0.2. The issue allows remote attackers to bypass access restrictions and read a configuration file via unspecified vectors. NVD/NIST records a CVSS v3 base score of 5.3 (Network, low complexity, no privileges require...

KMC Controls Conquest BACnet Router Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on May 5, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified authentication and cross-site request forgery CSRF vulnerabilities in KMC Controls’ Conquest...