849 matches found
Authentication flaw
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...
CVE-2017-13997
The CVE-2017-13997 issue affects Schneider Electric InduSoft Web Studio (v8.0 SP2 or prior) and InTouch Machine Edition (v8.0 SP2 or prior). It is a Missing Authentication for Critical Function vulnerability (CWE-306) that could allow a remote attacker to bypass server authentication and trigger ...
CVE-2017-13997
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...
CVE-2017-12733
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may crea...
CVE-2017-12733
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may crea...
Authentication flaw
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may crea...
CVE-2017-12733
CVE-2017-12733 affects OPW Fuel Management Systems SiteSentinel Integra 100, Integra 500, and SiteSentinel iSite ATG consoles with firmware older than V175, V175–V189, V191–V195, and V16Q3.1. The vulnerability arises from Missing Authentication for a Critical Function, allowing an attacker to cre...
CVE-2017-12733
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may crea...
Patching non-exported, non-system-service kernel functions
Patching non-exported, non-system-service kernel functions KAV's kernel patching is not limited to just system services, however. One of the most dangerous hooks that KAV installs is one in the middle of the nt!SwapContext function, which is neither exported nor a system service and thus has no...