10 matches found
CVE-2023-1552
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2023-1552
Summary: CVE-2023-1552 concerns GE Gas Power ToolBoxST before 7.10, with a deserialization vulnerability that lets an attacker execute code in a Toolbox user’s context by deserializing an untrusted configuration file. Affected software: ToolboxST versions prior to 7.10 (ToolboxST is a control-sys...
CVE-2023-1552 ToolboxST Deserialization of Untrusted Configuration Data
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2022-37952
A reflected cross-site scripting XSS vulnerability exists in the iHistorian Data Display of WorkstationST v07.09.15 could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than i...
CVE-2022-37953
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST v07.09.15 and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantl...
Design/Logic Flaw
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST v07.09.15 and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantl...
Cross site scripting
A reflected cross-site scripting XSS vulnerability exists in the iHistorian Data Display of WorkstationST v07.09.15 could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than i...
CVE-2022-37952 WorkstationST - Reflected XSS in iHistorian Data Display Tags
A reflected cross-site scripting XSS vulnerability exists in the iHistorian Data Display of WorkstationST v07.09.15 could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than i...
CVE-2022-37952
General Electric WorkstationST is affected by a reflected XSS in the iHistorian Data Display, specifically in WorkstationST versions prior to 07.09.15. The issue impacts the iHistorian Data Display component and can allow an attacker to compromise a victim’s browser. WorkstationST v07.09.15 is re...
CVE-2022-37953 WorkstationST - Response Splitting in AM Gateway Challenge-Response
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST v07.09.15 and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantl...