35 matches found
Lightspeed Classroom 安全漏洞
Lightspeed Classroom is a teaching management platform developed by Lightspeed in the United States, used for classroom device management and student behavior monitoring. Version 5.1.2.1763770643 of Lightspeed Classroom contains a security vulnerability. This vulnerability stems from a client...
EUVD-2020-4821
Malware in sbrugna...
EUVD-2019-4022
Malware in sbrugna...
EUVD-2019-15208
Malware in sbrugna...
EUVD-2020-4823
Malware in sbrugna...
EUVD-2020-4819
Malware in sbrugna...
EUVD-2019-4023
Malware in sbrugna...
PHOENIX CONTACT PLCnext Engineer and PLCnext Control Devices Security Vulnerability
PHOENIX CONTACT PLCnext Engineer and PHOENIX CONTACT PLCnext Control Devices are both products of PHOENIX CONTACT, Germany. PHOENIX CONTACT PLCnext Engineer is an engineering software platform for automation controllers and PHOENIX CONTACT PLCnext Control Devices are programmable logic controller...
CVE-2023-28810
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network...
Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87983)
SIMATIC Drive Controllers for the automation of production machines combine the functionality of SIMATIC S7-1500 CPUs with that of SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. Includes optional visualization features and...
Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices
Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly-used TCP/IP stack used in millions of Operational Technology OT devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical...
Phoenix Contact PLCnext Control Devices Cross-Site Scripting Vulnerability
Phoenix Contact PLCnext Control Devices is a programmable logic controller for industrial environments from Phoenix Contact. A cross-site scripting vulnerability exists in Phoenix Contact PLCnext Control Devices prior to version 2021.0 LTS, which originates from an authenticated, low-privileged...
CVE-2020-12521
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot...
CVE-2020-12518
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks...
CVE-2020-12517
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website local privilege escalation...
Design/Logic Flaw
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot...
Privilege escalation
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website local privilege escalation...
Information disclosure
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks...
CVE-2020-12517
Summary: Phoenix Contact PLCnext Control Devices (prior to 2021.0 LTS) are affected by a cross-site scripting vulnerability. An authenticated, low-privileged user can embed malicious JavaScript that executes when an administrator visits the vulnerable web interface, leading to local privilege esc...
CVE-2020-12517 Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website local privilege escalation...