ECOA Building Automation System Arbitrary File Deletion Vulnerability

ECOA building automation systems suffer from an arbitrary file deletion vulnerability. Many versions are affected. ECOA Building Automation System Arbitrary File Deletion Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS...

ECOA Building Automation System Directory Traversal Vulnerability

ECOA building automation systems suffer from directory traversal vulnerability that allows for content disclosure. Many versions are affected. ECOA Building Automation System Directory Traversal Content Disclosure Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected...

ECOA Building Automation System Cross Site Request Forgery

ECOA Building Automation System Cross-Site Request Forgery Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECOA...

ECOA Building Automation System Local File Disclosure Vulnerability

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

JTEKT TOYOPUC Products

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: JTEKT Corporation Equipment: TOYOPUC products Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...

Sensormatic Electronics KT-1

1. EXECUTIVE SUMMARY Vendor: Sensormatic Electronics, LLC., a subsidiary of Johnson Controls, Inc. Equipment: KT-1 Vulnerability: Use of Unmaintained Third-party Components 2. RISK EVALUATION The affected product uses an unsupported version of Microsoft Windows CE. This version may not receive...

CVE-2021-37911

The management interface of BenQ smart wireless conference projector does not properly control user's privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork...

The vulnerability of the mdb database in the interactive graphical SCADA system allows a intruder to trigger a service failure.

The vulnerability of the mdb database in the Interactive Graphical SCADA System IGSS is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2021-21867

creationtimestamp| type| source ---|---|--- 2021-08-18 18:17:07+00:00| seen| https://t.me/cibsecurity/27530 2026-03-17 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...

Advantech WebAccess/NMS

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/NMS Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the exposure of resources or functionality and...

COMMAX Smart Home IoT Control System CDP-1020n SQL Injection

COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: CDP-1020n 481 System Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides...

COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass Vulnerability

Exploit Title: COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page:...

COMMAX Biometric Access Control System 1.0.0 Authentication Bypass

COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application suffers from an authentication bypass vulnerability. An unauthenticated...

COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass

Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The application suffers from an SQL Injection vulnerability. Input passed through the 'id' POST parameter in 'loginstart.asp' is not properly...

COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS

Summary Biometric access control system. Description The application is vulnerable to an unauthenticated reflected cross-site scripting XSS vulnerability. Input passed to the Cookies 'CMXADMINNM' and 'CMXCOMPLEXNM' is not properly sanitised before being returned to the user. This can be exploited...

MAC1100 PLC 安全漏洞

The MAC1100 PLC is an industrial control product PLC. A security vulnerability exists in the MAC1100 PLC that can be exploited by an attacker to gain access to the system and escalate privileges via a crafted package...

Jetbrains JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Jetbrains, a Czech company. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in versions of JetBrains TeamCity...

CVE-2021-33486

creationtimestamp| type| source ---|---|--- 2021-08-03 20:28:40+00:00| seen| https://t.me/cibsecurity/26752 2026-03-17 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...

CVE-2021-23414

creationtimestamp| type| source ---|---|--- 2021-07-28 12:13:10+00:00| seen| https://t.me/cibsecurity/26551 2025-12-09 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-02...

LCDS LAquis SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...