187 matches found
EUVD-2024-25117
Malicious code in bioql PyPI...
EUVD-2024-25116
Malicious code in bioql PyPI...
EUVD-2024-25120
Malicious code in bioql PyPI...
EUVD-2023-31086
Malicious code in bioql PyPI...
EUVD-2024-25118
Malicious code in bioql PyPI...
EUVD-2023-31087
Malicious code in bioql PyPI...
Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) Multiple Vulnerabilities
RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP compliant access to smart electronic devices. Multiple vulnerabilities exist in the Siemens RUGGEDCOM CROSSBOW Station Access Controller SAC, which can be exploited by attackers to execute arbitrary code or cau...
Siemens RUGGEDCOM CROSSBOW Station Access Controller
SUMMARY RUGGEDCOM CROSSBOW Station Access Controller SAC contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station...
CVE-2024-27946
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with...
CVE-2024-27947
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client...
CVE-2023-37372
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected applications is vulnerable to SQL injection. This could allow an unauthenticated remote attackers to execute arbitrary SQL queries on the server database...
CVE-2023-37373
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system...
CVE-2023-27463
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.3. The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database...
CVE-2023-27462
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.3. The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for...
CVE-2023-27411
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected applications is vulnerable to SQL injection. This could allow an authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges...
CVE-2023-27310
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.2. The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to...
CVE-2023-27309
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.2. The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions...
CVE-2024-27941
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database...
CVE-2024-27945
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achie...
CVE-2024-27943
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code...