4 matches found
CVE-2022-2140
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
CVE-2022-2140 Elcomplus SmartICS Cross-site Scripting
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
CVE-2022-2140
CVE-2022-2140 affects Elcomplus SmartICS Web-based HMI (v2.3.4.0). The vulnerability arises because input is not neutralized, enabling an authenticated user to inject arbitrary code into specific parameters. CVSSv3.1 base score in advisories is 8.8 (HIGH) with NETWORK attack vector, LOW complexit...
Elcomplus SmartICS
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elcomplus LLC Equipment: SmartICS Vulnerabilities: Improper Access Control, Relative Path Traversal, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...