Lucene search
K

173 matches found

CVE
CVE
added 2022/09/26 10:7 a.m.58 views

CVE-2022-36158

Contec FXA3200 (and FLEXLAN FX3000/FX2000 series) versions 1.13.00 and earlier are affected by CVE-2022-36158 due to Insecure Permissions in the Wireless LAN Manager interface, enabling execution of Linux commands with root privileges via a hidden web page (/usr/www/ja/mnt_cmd.cgi). Impact is hig...

8.8CVSS7.9AI score0.01473EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/26 10:7 a.m.4 views

CVE-2022-36158

Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page /usr/www/ja/mntcmd.cgi...

7.3AI score0.01473EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/09/15 12:0 a.m.9 views

PT-2022-23237 · Contec · Contec Fxa3200

Name of the Vulnerable Software and Affected Versions: Contec FXA3200 versions 1.13 and under Description: The issue concerns a hard-coded hash password for the root user stored in the /etc/shadow component. This password is weak and can be cracked in a few minutes. Once the password is obtained,...

8.8CVSS8.7AI score0.00975EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2022/09/15 12:0 a.m.5 views

PT-2022-23236 · Contec · Contec Fxa3200

Name of the Vulnerable Software and Affected Versions: Contec FXA3200 versions 1.13.00 and under Description: The issue allows malicious actors to execute Linux commands with root privilege via a hidden web page /usr/www/ja/mnt cmd.cgi in the Wireless LAN Manager interface due to Insecure...

8.8CVSS8.1AI score0.01473EPSS
Exploits1References8
Cvelist
Cvelist
added 2022/09/13 2:55 p.m.28 views

CVE-2022-38453 Contec Health CMS8000

Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debuginfo' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities...

3CVSS5.2AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/13 2:55 p.m.8 views

CVE-2022-38453 Contec Health CMS8000

Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debuginfo' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities...

3CVSS5AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/13 2:54 p.m.18 views

CVE-2022-3027 Contec Health CMS8000

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write...

5.7CVSS5.9AI score0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/13 2:54 p.m.25 views

CVE-2022-38069 Contec Health CMS8000

Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device...

4.3CVSS6.4AI score0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/13 2:54 p.m.6 views

CVE-2022-38069 Contec Health CMS8000

Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device...

4.3CVSS6.8AI score0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/13 2:54 p.m.8 views

CVE-2022-38100 Contec Health CMS8000

The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent...

7.5CVSS6.9AI score0.00768EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/13 2:54 p.m.21 views

CVE-2022-38100 Contec Health CMS8000

The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent...

7.5CVSS7.5AI score0.00768EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/13 2:54 p.m.9 views

CVE-2022-36385 Contec Health CMS8000

A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a...

6.8CVSS6.7AI score0.00359EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/13 2:54 p.m.17 views

CVE-2022-36385 Contec Health CMS8000

A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a...

6.8CVSS6.9AI score0.00359EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/02 9:8 a.m.2 views

Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series

Overview FLEXLAN FX3000 and FX2000 series provided by Contec Co., Ltd. contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2022-36158 Use of Hard-coded Credentials CWE-798 - CVE-2022-36159 Thomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these...

8.8CVSS7.5AI score0.01473EPSS
Exploits2References10
ICS
ICS
added 2022/09/01 6:0 a.m.48 views

Contec Health CMS8000 Patient Monitor (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Contec Health Equipment: CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor Vulnerabilities: Improper Access Control, Uncontrolled Resource Consumption, Use of Hard-Coded Credentials, Active Debug Code 2. RISK EVALUATION...

7.5CVSS7AI score0.00768EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.6 views

Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 安全漏洞

The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. A security vulnerability exists in the Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor that stems from multiple binary application files on the CMS8000 device...

4.4CVSS5.3AI score0.00175EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.9 views

Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 安全漏洞

The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Japan. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from a security vulnerability that stems from a failure of the CMS800 device when attempting to par...

7.5CVSS7.2AI score0.00768EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.7 views

Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 访问控制错误漏洞

The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor has an access control error vulnerability that stems from its inability to properly control or clean the...

5.7CVSS6.2AI score0.00282EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.4 views

Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 访问控制错误漏洞

The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from an Access Control Error vulnerability that originates from a threat actor with transient acce...

6.8CVSS6.7AI score0.00359EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.6 views

Contec FLEXLAN FX3000和FX2000 信任管理问题漏洞

The Contec FLEXLAN FX3000 and Contec FLEXLAN FX2000 are both wireless LAN access points from Contec Japan. A security vulnerability exists in the Contec FLEXLAN FX3000 version prior to 1.16.00 and the FX2000 version prior to 1.39.00. An attacker could exploit the vulnerability to access product...

8.8CVSS7.8AI score0.00975EPSS
Exploits1References6
Rows per page
Query Builder