46 matches found
CVE-2021-22798
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext� ComBox All Versions...
EUVD-2022-35586
Malicious code in bioql PyPI...
EUVD-2022-35588
Malicious code in bioql PyPI...
EUVD-2021-9933
Malicious code in bioql PyPI...
EUVD-2022-35587
Malicious code in bioql PyPI...
CVE-2022-32516
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery CSRF. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32515
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox All Versions...
Cross site request forgery (csrf)
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery CSRF. Affected Products: Conext™ ComBox All Versions...
Design/Logic Flaw
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames ...
Authentication flaw
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32516
Schneider Electric Conext ComBox (all versions) is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can cause a configuration override and trigger a reboot loop when a POST-based CSRF is exploited. The issue is a CSRF in the device’s configuration interface that an attacker can ...
CVE-2022-32515
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox All Versions...
Schneider Electric Conext ComBox 跨站请求伪造漏洞
The Schneider Electric Conext ComBox is a communication and monitoring device from Schneider Electric France. The Schneider Electric Conext ComBox suffers from a cross-site request forgery vulnerability that can be exploited by a remote attacker to construct a malicious URI, which induces a reque...
CVE-2022-32516
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery CSRF. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32517
The CVE-2022-32517 entry describes a CWE-1021 vulnerability in Schneider Electric Conext ComBox (all versions) where there is an improper restriction on rendering UI layers/frames from external addresses. The root cause is the product not restricting rendering within frames against external domai...
CVE-2022-32515
Conext ComBox is affected by CWE-307 due to insufficient restriction of excessive authentication attempts on the admin login form. The vulnerability exists in all versions and could enable brute-force takeover of the admin account when rate limiting is not implemented. The connected sources confi...
Schneider Electric Conext ComBox 安全漏洞
The Schneider Electric Conext ComBox is a powerful communication and monitoring device from Schneider Electric France. A security vulnerability exists in the Schneider Electric Conext ComBox that stems from an improper restriction on its rendering UI layer or frames that could allow an attacker t...
CVE-2022-32517
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames ...
CVE-2022-32515
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32517
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames ...