60 matches found

Vulnrichment
added 2026/03/12 8:6 p.m., 3 views

CVE-2026-3611 Honeywell IQ4x BMS Controller Missing authentication for critical function

The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

CVSS 10 | AI score 5.9 | EPSS 0.05585
Exploits 1 | References 3

CNNVD
added 2026/01/07 12:0 a.m., 6 views

Kieback&Peter Neutrino-GLT operating system command injection vulnerability

Kieback&Peter Neutrino-GLT is a building management system from Kieback&Peter, Germany. Kieback&Peter Neutrino-GLT suffers from an operating system command injection vulnerability that stems from a shell command injection in the web component SM70 PHWEB login form, which could lead to the executi...

CVSS 6.9 | AI score 7.6 | EPSS 0.00946
Exploits 0 | References 1

CNNVD
added 2025/12/09 12:0 a.m., 5 views

OpenBMCS cross-site request forgery vulnerability

OpenBMCS is a building management and control system from OpenBMCS Australia. A cross-site request forgery vulnerability exists in OpenBMCS version 2.4, which stems from a cross-site request forgery issue in the sendFeedback.php endpoint that could lead to the execution of an administrator action...

CVSS 5.3 | AI score 6.8 | EPSS 0.00159
Exploits 2 | References 5

CNNVD
added 2025/12/09 12:0 a.m., 4 views

OpenBMCS security vulnerability

OpenBMCS is a building management and control system from OpenBMCS Australia. A security vulnerability exists in OpenBMCS version 2.4 that stems from an information disclosure issue in the directory listing function that could lead to sensitive file access...

CVSS 8.7 | AI score 6.1 | EPSS 0.0046
Exploits 2 | References 5

ICS
added 2025/10/07 12:30 a.m., 12 views

ABB EIBPORT

SUMMARY: ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. A firmware update is available that resolves these privately reported vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited these...

CVSS 8.5 | AI score 5.8 | EPSS 0.00302
Exploits 0 | References 15

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-25280

Malicious code in bioql PyPI...

CVSS 4.1 | AI score 6.5 | EPSS 0.00236
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-25327

Malicious code in bioql PyPI...

CVSS 1 | AI score 6.5 | EPSS 0.0018
Exploits 0 | References 1

RedhatCVE
added 2025/08/22 2:31 p.m., 4 views

CVE-2025-8449

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network...

CVSS 4.1 | AI score 6.9 | EPSS 0.00236
Exploits 0 | References 1

NVD
added 2025/08/20 2:15 p.m., 6 views

CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...

CVSS 1 | EPSS 0.0018
Exploits 0 | References 1

Cvelist
added 2025/08/20 1:58 p.m., 11 views

CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...

CVSS 1 | EPSS 0.0018
Exploits 0 | References 1

Vulnrichment
added 2025/08/20 1:58 p.m., 3 views

CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...

CVSS 1 | AI score 6.7 | EPSS 0.0018
Exploits 0 | References 1

CVE
added 2025/08/20 1:55 p.m., 18 views

CVE-2025-8449

CVE-2025-8449 describes a CWE-400 Uncontrolled Resource Consumption vulnerability affecting Schneider Electric EcoStruxure Building Operation Enterprise Server/Enterprise Central/Workstation (BMS family). An authenticated user can send a specially crafted request to a specific endpoint within th...

CVSS 4.1 | AI score 6.8 | EPSS 0.00236
Exploits 0 | References 1

Cvelist
added 2025/08/20 1:55 p.m., 10 views

CVE-2025-8449

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network...

CVSS 4.1 | EPSS 0.00236
Exploits 0 | References 1

Positive Technologies
added 2025/08/12 12:0 a.m., 11 views

PT-2025-34059

Name of the Vulnerable Software and Affected Versions: SMB affected versions not specified Description: A vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and th...

CVSS 1.4 | AI score 5.8 | EPSS 0.0018
Exploits 0 | References 9

Positive Technologies
added 2025/08/12 12:0 a.m., 13 views

PT-2025-34060

Name of the Vulnerable Software and Affected Versions: BMS affected versions not specified Description: An uncontrolled resource consumption issue exists that may lead to a denial of service. An authenticated user sending a specially crafted request to a specific endpoint within the BMS network c...

CVSS 4.3 | AI score 6.1 | EPSS 0.00236
Exploits 0 | References 9

Zero Science Lab
added 2025/05/22 12:0 a.m., 165 views

ABB Cylon Aspect 3.08.03 (projectUpdateBSXFileProcess.php) Remote Guest2Root Exploit

Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The ABB BMS/BAS controller is vulnerable to code execution and sudo...

AI score 6.7
Exploits 0

Zero Science Lab
added 2025/05/22 12:0 a.m., 236 views

ABB Cylon Aspect 3.08.03 (MIX->NTPServlet) Time Manipulation

Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the...

AI score 5.8
Exploits 0

Exploit DB
added 2025/04/16 12:0 a.m., 125 views

ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) - Remote Code Execution

Exploit title : ABB Cylon Aspect 4.00.00 factorySetSerialNum.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =4.00.00 Summary: ASPECT is an award-winning scalable buildi...

AI score 7.4
Exploits 0

Exploit DB
added 2025/04/15 12:0 a.m., 212 views

ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection

ABB Cylon Aspect 3.08.03 CookieDB SQL Injection Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.03 Summary: ASPECT is an award-winning scalable building energy management and control soluti...

AI score 7.4
Exploits 0

Exploit DB
added 2025/04/15 12:0 a.m., 193 views

ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS

ABB Cylon Aspect 3.08.03 MapServicesHandler - Authenticated Reflected XSS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.03 Summary: ASPECT is an award-winning scalable building energy...

AI score 7
Exploits 0