273 matches found
CVE-2021-40223
Rittal CMC PU III Web management version V3.11.002 fails to sanitize user input on several parameters of the configuration User Configuration dialog, Task Configuration dialog and set logging filter dialog. This allows an attacker to backdoor the device with HTML and browser-interpreted content...
Remote code execution
Rittal CMC PU III Web management Version affected: V3.11.002. Version fixed: V3.17.10 is affected by a remote code execution vulnerablity. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. Web application fails to sanitiz...
Design/Logic Flaw
Rittal CMC PU III Web management version V3.11.002 fails to sanitize user input on several parameters of the configuration User Configuration dialog, Task Configuration dialog and set logging filter dialog. This allows an attacker to backdoor the device with HTML and browser-interpreted content...
CVE-2021-40223
CVE-2021-40223 affects Rittal CMC PU III Web management (version V3.11.00_2). The root cause is failure to sanitize user input in multiple configuration dialogs (User Configuration, Task Configuration, and Set Logging Filter). This enables cross-site scripting (XSS) by injecting HTML/JavaScript c...
CVE-2021-40223
Rittal CMC PU III Web management version V3.11.002 fails to sanitize user input on several parameters of the configuration User Configuration dialog, Task Configuration dialog and set logging filter dialog. This allows an attacker to backdoor the device with HTML and browser-interpreted content...
CVE-2021-40222
CVE-2021-40222 affects Rittal CMC PU III Web management. The vulnerability arises from failure to sanitize user input on the Network TCP/IP configuration page (PU-Hostname field), enabling remote command execution with root privileges via a crafted configuration payload. Affected version: V3.11.0...
CVE-2021-40222
Rittal CMC PU III Web management Version affected: V3.11.002. Version fixed: V3.17.10 is affected by a remote code execution vulnerablity. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. Web application fails to sanitiz...
Rittal CMC PU III 操作系统命令注入漏洞
Rittal CMC PU III is a monitoring system from Rittal, Germany. A security vulnerability exists in the Rittal CMC PU III Web management version V3.11.002, which originates from the inability of the web application to clean up user input on the network TCP/IP configuration page. The vulnerability c...
CVE-2021-26725
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...
CVE-2021-26725
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...
CVE-2021-26724
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...
CVE-2021-26724
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...
Path traversal
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...
Command injection
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...
CVE-2021-26724
The CVE-2021-26724 issue is an OS Command Injection in Nozomi Networks Guardian and CMC web GUI that allows authenticated administrators to run arbitrary OS commands, enabling remote code execution. Affected: Guardian and CMC up to version 20.0.7.3. Root cause: improper handling of date/hostname ...
CVE-2021-26724 Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...
CVE-2021-26725 Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...
CVE-2021-26725 Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...
CVE-2021-26725
Summary of CVE-2021-26725 (Nozomi Networks Guardian/CMC): A path traversal vulnerability exists in the web GUI timezone setting that, when accessed by an authenticated administrator, can read protected system files. Affected: Nozomi Networks Guardian and CMC up to version 20.0.7.3. Root cause det...
Nozomi Networks CMC Operating System Command Injection Vulnerability
NOZOMI Nozomi Networks CMC is an application from NOZOMI USA. It provides centralized OT and IoT security management. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions An operating system command injection vulnerability exists that allows an authenticated administrator to perform...