Lucene search
+L

273 matches found

OSV
OSV
added 2021/09/09 12:15 p.m.6 views

CVE-2021-40223

Rittal CMC PU III Web management version V3.11.002 fails to sanitize user input on several parameters of the configuration User Configuration dialog, Task Configuration dialog and set logging filter dialog. This allows an attacker to backdoor the device with HTML and browser-interpreted content...

5.4CVSS5.8AI score0.00624EPSS
Exploits1References1
Prion
Prion
added 2021/09/09 12:15 p.m.24 views

Remote code execution

Rittal CMC PU III Web management Version affected: V3.11.002. Version fixed: V3.17.10 is affected by a remote code execution vulnerablity. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. Web application fails to sanitiz...

9CVSS7.4AI score0.04693EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/09/09 12:15 p.m.17 views

Design/Logic Flaw

Rittal CMC PU III Web management version V3.11.002 fails to sanitize user input on several parameters of the configuration User Configuration dialog, Task Configuration dialog and set logging filter dialog. This allows an attacker to backdoor the device with HTML and browser-interpreted content...

3.5CVSS5.2AI score0.00624EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/09/09 11:4 a.m.50 views

CVE-2021-40223

CVE-2021-40223 affects Rittal CMC PU III Web management (version V3.11.00_2). The root cause is failure to sanitize user input in multiple configuration dialogs (User Configuration, Task Configuration, and Set Logging Filter). This enables cross-site scripting (XSS) by injecting HTML/JavaScript c...

5.4CVSS5.2AI score0.00624EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/09/09 11:4 a.m.24 views

CVE-2021-40223

Rittal CMC PU III Web management version V3.11.002 fails to sanitize user input on several parameters of the configuration User Configuration dialog, Task Configuration dialog and set logging filter dialog. This allows an attacker to backdoor the device with HTML and browser-interpreted content...

5.4AI score0.00624EPSS
Exploits1References1
CVE
CVE
added 2021/09/09 11:4 a.m.68 views

CVE-2021-40222

CVE-2021-40222 affects Rittal CMC PU III Web management. The vulnerability arises from failure to sanitize user input on the Network TCP/IP configuration page (PU-Hostname field), enabling remote command execution with root privileges via a crafted configuration payload. Affected version: V3.11.0...

9CVSS7.3AI score0.04693EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/09/09 11:4 a.m.23 views

CVE-2021-40222

Rittal CMC PU III Web management Version affected: V3.11.002. Version fixed: V3.17.10 is affected by a remote code execution vulnerablity. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. Web application fails to sanitiz...

7.6AI score0.04693EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.7 views

Rittal CMC PU III 操作系统命令注入漏洞

Rittal CMC PU III is a monitoring system from Rittal, Germany. A security vulnerability exists in the Rittal CMC PU III Web management version V3.11.002, which originates from the inability of the web application to clean up user input on the network TCP/IP configuration page. The vulnerability c...

9CVSS7.2AI score0.04693EPSS
Exploits1References2
OSV
OSV
added 2021/02/22 9:15 p.m.3 views

CVE-2021-26725

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...

4.9CVSS5.8AI score0.01059EPSS
Exploits0References1
NVD
NVD
added 2021/02/22 9:15 p.m.22 views

CVE-2021-26725

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...

8.6CVSS0.01059EPSS
Exploits0References1
NVD
NVD
added 2021/02/22 9:15 p.m.29 views

CVE-2021-26724

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...

9CVSS0.03074EPSS
Exploits0References1
OSV
OSV
added 2021/02/22 9:15 p.m.4 views

CVE-2021-26724

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...

7.2CVSS6.1AI score0.03074EPSS
Exploits0References1
Prion
Prion
added 2021/02/22 9:15 p.m.18 views

Path traversal

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...

4CVSS5.1AI score0.01059EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2021/02/22 9:15 p.m.18 views

Command injection

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...

9CVSS7.5AI score0.03074EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2021/02/22 8:31 p.m.64 views

CVE-2021-26724

The CVE-2021-26724 issue is an OS Command Injection in Nozomi Networks Guardian and CMC web GUI that allows authenticated administrators to run arbitrary OS commands, enabling remote code execution. Affected: Guardian and CMC up to version 20.0.7.3. Root cause: improper handling of date/hostname ...

9CVSS7.5AI score0.03074EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/02/22 8:31 p.m.34 views

CVE-2021-26724 Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...

8.6CVSS7.8AI score0.03074EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/02/22 8:31 p.m.10 views

CVE-2021-26725 Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...

8.6CVSS6.8AI score0.01059EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/22 8:31 p.m.30 views

CVE-2021-26725 Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...

8.6CVSS7.1AI score0.01059EPSS
Exploits0References1
CVE
CVE
added 2021/02/22 8:31 p.m.66 views

CVE-2021-26725

Summary of CVE-2021-26725 (Nozomi Networks Guardian/CMC): A path traversal vulnerability exists in the web GUI timezone setting that, when accessed by an authenticated administrator, can read protected system files. Affected: Nozomi Networks Guardian and CMC up to version 20.0.7.3. Root cause det...

8.6CVSS5.6AI score0.01059EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2021/02/22 12:0 a.m.8 views

Nozomi Networks CMC Operating System Command Injection Vulnerability

NOZOMI Nozomi Networks CMC is an application from NOZOMI USA. It provides centralized OT and IoT security management. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions An operating system command injection vulnerability exists that allows an authenticated administrator to perform...

9CVSS7.4AI score0.03074EPSS
Exploits0References2
Rows per page
Query Builder